
SQL Injection Vulnerability - Storage Manager

After upgrading Storage Manager to the latest version 5.2, to fix a vulnerability, our 3rd-party vendor identified a new high-level SQL injection vulnerability with this application. This was submitted to development almost a month ago, but has yet to be addressed. This needs to be resolved since this is a high-risk item, but it doesn't appear that anyone's made any progress with it.

This is the high-level description that we received from our vulnerability analysis system:

This host has a web application that is vulnerable to a SQL injection authentication bypass. SQL injection authentication bypasses occur when an attacker is able to supply input in such a way that the resulting combined SQL statement executed on the web server is both valid and results in login access.
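
The class of flaw the scanner text describes, as an added generic illustration that is not part of the original post and is not Storage Manager's code: a login check that concatenates input into the SQL text beside the same check with bound parameters. The table, account, and function names are assumptions made for the demo.

```python
import hashlib
import sqlite3

def _hash(password: str) -> str:
    # Plain SHA-256 keeps the demo short; real systems use a salted KDF.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db() -> sqlite3.Connection:
    """In-memory table holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", _hash("correct-horse")))
    return conn

def combined_statement(username: str, password: str) -> str:
    """The 'combined SQL statement': user input concatenated into SQL text."""
    return ("SELECT 1 FROM users WHERE username = '" + username +
            "' AND pw_hash = '" + _hash(password) + "'")

def login_concatenated(conn, username: str, password: str) -> bool:
    # Vulnerable: the username is parsed as SQL, not treated as data.
    # Hashing the password does not help, because the username is raw.
    return conn.execute(combined_statement(username, password)).fetchone() is not None

def login_parameterized(conn, username: str, password: str) -> bool:
    # Hardened: placeholders bind both values as data only.
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND pw_hash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    conn = make_db()
    # Constructed input: closes the string literal and comments out the rest.
    crafted = "admin' --"
    print(combined_statement(crafted, "x"))
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__,
              "wrong password:", fn(conn, "admin", "wrong"),
              "crafted username:", fn(conn, crafted, "x"))
```

The printed statement is still valid SQL but no longer contains the password comparison, which is why the concatenated check returns a row while the parameterized one does not.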