CVE-2022-3801

High PUBLISHED

IBAX go-ibax rowsInfo sql injection

IBAX · go-ibax

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
6.3 Medium EPSS 30.1%

At a Glance

A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability.

CVE Published
Nov 01, 2022
Exploitation Reported
Jun 07, 2026
CVSS
6.3 Medium
EPSS
30.1%
Remote Low complexity No user interaction

Affected Versions

Vendor Product Version Status
IBAX
go-ibax

n/a

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.