High
CVE(s): CVE-2022-0366
Updated:
Product(s): Capsule8 Console
Publication ID: sophos-sa-20220201-cap8-console-sqli
Article Version: 1
First Published:
Workaround: No
Overview
A post-auth SQL injection vulnerability in the Capsule8 Console was discovered by Sophos during internal security testing. The vulnerability has been fixed.
The remediation prevented a previously authorized agent from gaining administrative access on Console.
Applies to the following Sophos product(s) and version(s)
- Capsule8 Console versions 4.6.0 through 4.9.1 inclusive
Remediation
- Fix included in Capsule8 Console 4.10.0 on February 1, 2022
- Users of older versions of Capsule8 Console are required to upgrade to receive this fix
- Sophos always recommends that Capsule8 customers upgrade to the latest available release at their earliest opportunity