tencent cloud

Web Application Firewall

Release Notes and Announcements
Release Notes
Product Announcement
Security Advisory
Product Introduction
Overview
Product Category
Strengths
Scenarios
Plans and Editions
Supported Regions
Basic Concepts
Getting Started
Getting Started
FAQs for Beginners
Operation Guide
Overview
Connection Management
Security Operations
Protection Policies
Service Settings
사례 튜토리얼
WAF CCP Overview
Bot Management
API Security
Integration
Protection Configuration
FAQS
Product Consultation
Connection
Usage
Permissions
Sandbox Isolation Status
WAF 정책
개인 정보 보호 정책
데이터 처리 및 보안 계약
문서Web Application FirewallRelease Notes and Announcements Security AdvisoryNotice for Yonyou GRP-U8 SQL Injection Vulnerability

Notice for Yonyou GRP-U8 SQL Injection Vulnerability

PDF
포커스 모드
폰트 크기
마지막 업데이트 시간: 2022-06-23 11:14:26
On September 11, 2020, Tencent Security noticed a SQL injection vulnerability in Yonyou GRP-U8 internal control and management software for government affairs. Attackers can use a carefully constructed payload to perform SQL injection attacks in order to get sensitive database information.
Exploitations in the wild (ITW) have been detected, and Tencent Cloud WAF supports defense against them.

Vulnerability Details

Attackers can use a carefully constructed payload to perform SQL injection attacks in order to get sensitive database information, and Tencent Cloud WAF currently supports defense against them.

Affected Versions

Yonyou GRP-U8 internal control and management software for government affairs.

Suggestions for Fix

According to the vulnerability advisory, there is currently no official update. Tencent Security recommends you:
Restrain exposing the software to the public network due to its sensitivity or use an allowlist policy.
Use WAF to detect and block attacks.

References

CNVD-2020-49261
Yonyou Gov website
이전 주제: Notice for WebLogic Console HTTP RCE Vulnerability다음 주제: Notice for Apache Cocoon XXE Vulnerability (CVE-2020-11991)

도움말 및 지원

문제 해결에 도움이 되었나요?

피드백