SolarWinds Storage Resource Monitor Profiler addNewRule SQL Injection RCE
Critical Nessus Plugin ID 92559
SynopsisA web application running on the remote host is affected by a remote code execution vulnerability.
DescriptionThe SolarWinds Storage Resource Monitor (SRM) Profiler (formerly SolarWinds Storage Manager) running on the remote host is affected by a remote code execution vulnerability in ScriptServlet due to a failure to sanitize user-supplied input to the addNewRule() method of the RulesMetaData class. An unauthenticated, remote attacker can exploit this, via SQL injection, to disclose or manipulate arbitrary data in the back-end database or to execute arbitrary code in the context of the database.
Note that the attacker, in order to exploit this vulnerability, would need to exploit a path traversal vulnerability to invoke the ScriptServlet servlet. This path traversal vulnerability was first fixed in version 6.2.3.
SolutionUpgrade to SolarWinds SRM Profiler version 6.2.3 Hotfix 1 or later.