CVE-2012-2576

9.8CRITICAL

Key Information:

Vendor: Solarwinds
Status: Backup Profiler; Storage Profiler; Storage Manager
Vendor: CVE Published:; 20 December 2017

Summary

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72680

vdb-entryx_refsource_XF

http://www.solarwinds.com/documentation/storage/storagema...

x_refsource_CONFIRM

http://www.exploit-db.com/exploits/18818

exploitx_refsource_EXPLOIT-DB

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2017
Vulnerability Reserved
May 9, 2012

.