Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:SQL:INJ:SOLARWINDS |
|---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
SolarWinds Orion GetAccountGroups Multiple SQL Injections |
Release Date |
2015/04/27 |
Update Number |
2489 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: SolarWinds Orion GetAccountGroups Multiple SQL Injections
This signature detects specific characters in the requests send to the SolarWinds Application. Because these characters are not normally used in, this can indicate a SQL injection attack in SolarWinds.
Extended Description
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.
Affected Products
- Solarwinds orion_ip_address_manager 4.2
- Solarwinds orion_netflow_traffic_analyzer 4.0
- Solarwinds orion_network_configuration_manager 7.3.1
- Solarwinds orion_network_performance_monitor 11.4
- Solarwinds orion_server_and_application_manager 6.1
- Solarwinds orion_user_device_tracker 3.1
- Solarwinds orion_voip_&_network_quality_manager 4.1
- Solarwinds orion_web_performance_monitor 2.1
References
- CVE: CVE-2014-9566