ID de Prueba:	1.3.6.1.4.1.25623.1.0.105969
Categoría:	Web application abuses
Título:	SolarWinds IP Address Manager (IPAM) < 4.3 Multiple SQLi Vulnerabilities
Resumen:	SolarWinds IP Address Manager (IPAM) is prone to multiple SQL; injection (SQLi) vulnerabilities.
Descripción:	Summary: SolarWinds IP Address Manager (IPAM) is prone to multiple SQL injection (SQLi) vulnerabilities. Vulnerability Insight: On both the GetAccounts and GetAccountGroups endpoints, the 'sort' and 'dir' parameters are susceptible to boolean-/time-based, and stacked injections. The attacker has to be authenticated but it can be even exploited under a guest account. Vulnerability Impact: An authenticated attacker might execute arbitrary SQL commands to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: SolarWinds IPAM version 4.2 and prior. Solution: Update to version 4.3 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9566 http://www.exploit-db.com/exploits/36262 http://seclists.org/fulldisclosure/2015/Mar/18 http://packetstormsecurity.com/files/130637/Solarwinds-Orion-Service-SQL-Injection.html http://volatile-minds.blogspot.com/2015/02/authenticated-stacked-sql-injection-in.html https://github.com/rapid7/metasploit-framework/pull/4836 http://osvdb.org/show/osvdb/118746
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.