Are DATABASICS instances affected by CVE-2022-22963, CVE-2022-22965?
Based on an initial review of our applications, we are not affected by CVE-2022-22963 or CVE-2022-22965. Our security and development team is assessing whether these vulnerabilities affect any of the other products and services we use. We will update this page as soon as we have any results from their investigation.
Four CVEs have been released so far and are being actively updated as new information emerges. These vulnerabilities can result, in the worst case, in full remote code execution (RCE) compromise:
• CVE-2022-22947
• CVE-2022-22950
• CVE-2022-22963
• CVE-2022-22965
Action taken by our team:
• Audit/monitor application logs for unexpected system errors or messages, including inappropriate access.
• Configured firewall rules to intercept and drop malicious web requests.
The WAF team is actively monitoring these CVEs and has already deployed a number of new managed mitigation rules.