Synopsis :

The remote host is running a web application with a SQL injection
vulnerability.

Description :

The version of SolarWinds Storage Manager running on the remote host
has a SQL injection vulnerability in the 'loginName' parameter of the
'LoginServlet' page. An attacker can leverage this flaw to bypass
authentication, execute arbitrary SQL commands on the underlying
database, and possibly compromise the database server host operating
system.

See also :

http://www.securityfocus.com/archive/1/521328/30/0/threaded
http://www.nessus.org/u?ebb7ec6a

Solution :

Either apply the hotfix for version 5.1.2 or upgrade to version 5.2
or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true