FAQ for CVE-2022-22963, CVE-2022-22965

Owned by DATABASICS, Inc.
Last updated: Apr 01, 2022
1 min read

Are DATABASICS instances affected by CVE-2022-22963, CVE-2022-22965?

Initial review of our applications, we are not affected by CVE-2022-22963, CVE-2022-22965. Our security and development team is assessing whether these vulnerabilities affect any of other products and services we use. We will update this page as soon as we have any results from their investigation. 

Four CVEs have been released so far and are being actively updated as new information emerges. These vulnerabilities can result, in the worst case, in full remote code execution (RCE) compromise:

• CVE-2022-22947
• CVE-2022-22950
• CVE-2022-22963
• CVE-2022-22965

Action taken by our team:

  • Audit/Monitor application logs for unexpected system errors or messages including inappropriate access.

  • Configured firewall rules to intercept and drop malicious web requests

  • The WAF team is actively monitoring these CVEs and have already deployed a number of new managed mitigation rules.

 

2024 DATABASICS, Inc