SQL Injection Vulnerability in SolarWinds Network Performance Monitor
CVE-2018-13442
8.8HIGH
Summary
The SolarWinds Network Performance Monitor 12.3 contains a vulnerability that allows for SQL Injection through the manipulation of parameters sent to the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames endpoint. This flaw could potentially allow an attacker to execute arbitrary SQL queries, leading to unauthorized access to sensitive data or alteration of database contents, posing significant risks to network integrity.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved