Vulnerabilities for Orion network configuration manager (...) - CXSECURITY.COM

Vulnerabilities for
'Orion network configuration manager'

2015-03-10

CVE-2014-9566

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.

>>> Vendor: Solarwinds 46 Products

Orion network performance monitor

Ip address manager web interface

Network configuration manager

Log and event manager

Server and application monitor

Orion ip address manager

Orion netflow traffic analyzer

Orion network configuration manager

Orion server and application manager

Orion user device tracker

Orion voip & network quality manager

Orion web performance monitor

Firewall security manager

Storage manager

N-able n-central

Storage resource monitor

Virtualization manager

Log & event manager

Network performance monitor

Sftp/scp server

Serv-u ftp server

Damewire mini remote control

Database performance analyzer

Dameware mini remote control firmware

Dameware remote support

Serv-u managed file transfer

Managed service provider patch management engine

Advanced monitoring agent

Orion virtual infrastructure monitor

Serv-u file server

Dameware mini remote control

Kiwi syslog server

Access rights manager

Copyright 2024, cxsecurity.com