SolarWinds.Storage.Manager.Server.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit a SQL Injection vulnerability in SolarWinds Storage Manager.
The vulnerability is a result of the application's failure to properly sanitize user input in the "loginName" field before using it in a SQL query. A remote attacker can exploit this to send a crafted query to execute SQL commands on a vulnerable server.

affected-products-logoAffected Products

SolarWinds Storage Manager, powered by Profiler 5.12 and earlier versions
SolarWinds Storage Profiler 5.12 and earlier versions
SolarWinds Backup Profiler 5.12 and earlier versions

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-07 14.628 Severity:medium:critical