SQL Injection Vulnerability in SolarWinds Network Performance Monitor
CVE-2018-13442

8.8HIGH

Key Information:

Vendor
Solarwinds
Vendor
CVE Published:
16 July 2019

Summary

The SolarWinds Network Performance Monitor 12.3 contains a vulnerability that allows for SQL Injection through the manipulation of parameters sent to the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames endpoint. This flaw could potentially allow an attacker to execute arbitrary SQL queries, leading to unauthorized access to sensitive data or alteration of database contents, posing significant risks to network integrity.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.