Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2016-4350 | First vendor Publication | 2016-05-09 |
Vendor | Cve | Last vendor Modification | 2016-05-16 |
Security-Database Scoring CVSS v3
CVSS vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 9.8 | ||
Base Score | 9.8 | Environmental Score | 9.8 |
Impact Sub Score | 5.9 | Temporal Score | 9.8 |
Exploitability Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Security-Database Scoring CVSS v2
CVSS vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
CVSS Base Score | 10 | Attack Range | Network |
CVSS Impact Score | 10 | Attack Complexity | Low |
CVSS Exploit Score | 10 | Authentication | None Required |
Detail
Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
Snort® IPS/IDS
Date | Description |
---|---|
2017-07-18 | SolarWinds SRM Profiler XiotechMonitorServlet SQL injection attempt RuleID : 43210 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler XiotechMonitorServlet SQL injection attempt RuleID : 43209 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler UserDefinedFieldConfigServlet SQL injection attempt RuleID : 43208 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler UserDefinedFieldConfigServlet SQL injection attempt RuleID : 43207 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler QuantumMonitorServlet SQL injection attempt RuleID : 43206 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler QuantumMonitorServlet SQL injection attempt RuleID : 43205 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler ProcessesServlet SQL injection attempt RuleID : 43204 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler ProcessesServlet SQL injection attempt RuleID : 43203 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler NbuErrorMessageServlet SQL injection attempt RuleID : 43202 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler NbuErrorMessageServlet SQL injection attempt RuleID : 43201 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler HostStorageServlet SQL injection attempt RuleID : 43200 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler HostStorageServlet SQL injection attempt RuleID : 43199 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler FileActionAssignmentServlet SQL injection attempt RuleID : 43198 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler FileActionAssignmentServlet SQL injection attempt RuleID : 43197 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler BackupAssociationServlet SQL injection attempt RuleID : 43196 - Revision : 1 - Type : SERVER-WEBAPP |
2017-07-18 | SolarWinds SRM Profiler BackupAssociationServlet SQL injection attempt RuleID : 43195 - Revision : 1 - Type : SERVER-WEBAPP |
2016-07-26 | SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt RuleID : 39340 - Revision : 3 - Type : SERVER-WEBAPP |
2016-07-26 | SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt RuleID : 39339 - Revision : 3 - Type : SERVER-WEBAPP |
2016-07-26 | SolarWinds SRM Profiler ScriptServlet SQL injection attempt RuleID : 39338 - Revision : 3 - Type : SERVER-WEBAPP |
2016-07-26 | SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt RuleID : 39337 - Revision : 3 - Type : SERVER-WEBAPP |
2016-07-26 | SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt RuleID : 39336 - Revision : 3 - Type : SERVER-WEBAPP |
2016-07-26 | SolarWinds SRM Profiler ScriptServlet SQL injection attempt RuleID : 39335 - Revision : 3 - Type : SERVER-WEBAPP |
2016-07-26 | SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt RuleID : 39334 - Revision : 3 - Type : SERVER-WEBAPP |
2016-07-26 | SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt RuleID : 39333 - Revision : 3 - Type : SERVER-WEBAPP |
2016-07-26 | SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt RuleID : 39332 - Revision : 3 - Type : SERVER-WEBAPP |
2016-07-26 | SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt RuleID : 39331 - Revision : 3 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-05-13 | Name : A web application running on the remote host is affected by multiple vulnerab... File : solarwinds_srm_profiler_6_2_3.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-04-22 02:00:22 | |
2020-05-23 01:59:49 | |
2020-05-23 00:51:12 | |
2016-05-16 17:26:18 | |
2016-05-14 13:29:01 | |
2016-05-10 05:29:03 | |