CVE-2012-2576

high-risk
Published 2017-12-20

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.

Do I need to act?

!
41.1% chance of exploitation in next 30 days
EPSS score — higher than 59% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
18818
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Solarwinds

References (10)

Exploit http://www.exploit-db.com/exploits/18818
Exploit http://www.exploit-db.com/exploits/18833
Third Party Advisory http://www.securityfocus.com/bid/51639
Vendor Advisory http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes...
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/72680
Exploit http://www.exploit-db.com/exploits/18818
Exploit http://www.exploit-db.com/exploits/18833
Third Party Advisory http://www.securityfocus.com/bid/51639
Vendor Advisory http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes...
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/72680
65
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 24/34 · High
Exposure 9/34 · Low