Customers are encouraged to review their NetBatch-Plus installations and upgrade to the latest software, if necessary.
NetBatch-Plus may accept malformed packets that could be exploited to allow unauthorized access to the database. Customers are advised to be cautious when setting database permissions, to follow proper security best practices, and, if necessary, to review both their database permissions and those practices.
Symptoms of an Exploitable Vulnerability
A malicious packet may have the following qualities:
- Contains an invalid field
- Contains a field whose value is unexpected for its size (i.e., a packet with more than 1,000 bytes)
- Contains data that is not in the expected format (i.e., not ASCII text)
- Contains data that is truncated but which contains at least one byte of valid data
- Applies only to TCP connections
Network Security Auditing
NetBatch-Plus provides a security audit function that administrators can use to review the configuration of NetBatch-Plus. This allows administrators to detect and remediate cases where malicious packets are not being blocked or where permission settings have been compromised. To perform a security audit, open the application menu (white menu bar) and select "Audit" from the dropdown menu.
Products Affected
- NetBatch-Plus
How to Detect if You are Vulnerable to NetBatch-Plus SQL Injection
If you suspect that you are vulnerable to NetBatch-Plus SQL Injection, the following approaches may help you troubleshoot further:
1. Review your database permissions.
2. Review your security best practices.
3. Perform a SQL injection test with a tool such as Burp Suite or SentryOne.
Timeline
Published on: 11/22/2022 05:15:00 UTC
Last modified on: 11/29/2022 13:19:00 UTC