Are DATABASICS instances affected by CVE-2022-22963, CVE-2022-22965?
Initial review of our applications, we are not affected by CVE-2022-22963, CVE-2022-22965. Our security and development team is assessing whether these vulnerabilities affect any of other products and services we use. We will update this page as soon as we have any results from their investigation.
Action taken:
Audit/Monitor application logs for unexpected system errors or messages including inappropriate access.
Configured firewall rules to intercept and drop malicious web requests
The WAF team is actively monitoring these CVEs and have already deployed a number of new managed mitigation rules.