SolarWinds Storage Manager < 5.7.2 Remote Code Execution
Critical Nessus Plugin ID 77504
SynopsisThe remote host is running a web application affected by a remote code execution vulnerability.
DescriptionThe remote host is running a version of SolarWinds Storage Manager prior to 5.7.2. It is, therefore, affected by a remote code execution vulnerability due to a flaw in the 'AuthenticationFilter' class. A remote, unauthenticated attacker can exploit this vulnerability to upload malicious scripts which can then execute arbitrary code as the user 'SYSTEM'.
SolutionUpgrade to SolarWinds Storage Manager version 5.7.2 or later.