CVE-2022-29303 - SolarView Compact Command Injection Vulnerability

SolarView | Compact

• Date Added:
• 2023-07-13

• Due Date:
• 2023-08-03

Vulnerability Name

SolarView Compact Command Injection Vulnerability

Description

SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Additional Notes

https://jvn.jp/en/vu/JVNVU92327282/; https://nvd.nist.gov/vuln/detail/CVE-2022-29303

Latest Security News

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

Credential Theft Becomes Cybercriminals' Favorite Target

Ferret Malware Added to 'Contagious Interview' Campaign

Zyxel won’t patch newly exploited flaws in end-of-life routers

Google Play, Apple App Store apps caught stealing crypto wallets

Cybercriminals Court Traitorous Insiders via Ransom Notes

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Cyber agencies share security guidance for network edge devices

Common Alerts

LowInsufficient Site Isolation Against Spectre Vulnerability

HighCross-Domain Misconfiguration - Adobe - Send

InformationalCross Site Scripting (Persistent) - Spider

InformationalModern Web Application

InformationalUser Controllable HTML Element Attribute (Potential XSS)

MediumApache Range Header DoS (CVE-2011-3192)

HighSession Fixation

InformationalSec-Fetch-User Header is Missing

LowStrict-Transport-Security Max-Age Malformed (Non-compliant with Spec)

LowX-Content-Type-Options Header Missing

Latest CVE List

CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability

CVE-2024-29059 Microsoft .NET Framework Information Disclosure Vulnerability

CVE-2018-9276 Paessler PRTG Network Monitor OS Command Injection Vulnerability

CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability

CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

Common CWEs

CWE-763 Release of Invalid Pointer or Reference

CWE-215 Insertion of Sensitive Information Into Debugging Code

CWE-231 Improper Handling of Extra Values

CWE-228 Improper Handling of Syntactically Invalid Structure

CWE-111 Direct Use of Unsafe JNI

HighCWE-652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')

CWE-341 Predictable from Observable State

CWE-1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels

CWE-414 Missing Lock Check

CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)