This script is Copyright (C) 2016 Tenable Network Security, Inc.
A web application running on the remote host is affected by a remote
code execution vulnerability.
The version of SolarWinds Storage Resource Monitor (SRM) Profiler
(formerly SolarWinds Storage Manager) running on the remote host is
prior to 6.2.3 Hotfix 1. It is, therefore, affected by a remote code
execution vulnerability in ScriptServlet due to a failure to sanitize
user-supplied input to the addNewRule() method of RulesMetaData. An
unauthenticated, remote attacker can exploit this, via SQL injection,
to disclose or manipulate arbitrary data in the back-end database or
to execute arbitrary code with SYSTEM privileges.
See also :
Solution :
Upgrade to SolarWinds SRM Profiler version 6.2.3 Hotfix 1 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true