CVE - CVE-2016-4350

CVE-ID
CVE-2016-4350	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-249 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-250 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-251 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-252 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-253 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-254 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-255 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-256 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-257 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-258 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-259 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-260 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-261 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-262 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-263 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-264 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-265 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-266 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-267 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-268 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-269 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-270 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-271 MISC:http://www.zerodayinitiative.com/advisories/ZDI-16-272
Assigning CNA
MITRE Corporation
Date Record Created
20160429	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20160429)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)