SolarWinds.Storage.Manager.Server.SQL.Injection
Description
This indicates an attack attempt to exploit a SQL Injection vulnerability in SolarWinds Storage Manager.
The vulnerability is a result of the application's failure to properly sanitize user input in the "loginName" field before using it in a SQL query. A remote attacker can exploit this to send a crafted query to execute SQL commands on a vulnerable server.
Affected Products
SolarWinds Storage Manager, powered by Profiler 5.12 and earlier versions
SolarWinds Storage Profiler 5.12 and earlier versions
SolarWinds Backup Profiler 5.12 and earlier versions
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply patch available from the website.
http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-07 | 14.628 | Severity:medium:critical |