cnvd - cnvd-2018-01379

CNVD-2018-01379

Vulnerability from cnvd - Published: 2018-01-19

Title

多款SolarWinds产品SQL注入漏洞

Description

SolarWinds Storage Manager、SolarWinds Storage Profiler和SolarWinds Backup Profiler都是美国SolarWinds公司的产品。SolarWinds Storage Manager是一套基于Web且整合了存储监控、报表、报警和预测分析等功能的数据存储管理软件。Storage Profiler是一套数据存储分析软件。Backup Profiler是一套数据备份分析软件。多款SolarWinds产品中存在SQL注入漏洞。远程攻击者可借助loginName字段利用该漏洞执行任意的SQL命令。

Severity

高

Patch Name

多款SolarWinds产品SQL注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm

Reference

http://www.exploit-db.com/exploits/18818 http://www.securityfocus.com/bid/51639

Impacted products

Name
['SolarWinds Storage Manager Server 5.1.2', 'Solarwinds Storage Manager Server 5.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "51639"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2012-2576"
    }
  },
  "description": "SolarWinds Storage Manager\u3001SolarWinds Storage Profiler\u548cSolarWinds Backup Profiler\u90fd\u662f\u7f8e\u56fdSolarWinds\u516c\u53f8\u7684\u4ea7\u54c1\u3002SolarWinds Storage Manager\u662f\u4e00\u5957\u57fa\u4e8eWeb\u4e14\u6574\u5408\u4e86\u5b58\u50a8\u76d1\u63a7\u3001\u62a5\u8868\u3001\u62a5\u8b66\u548c\u9884\u6d4b\u5206\u6790\u7b49\u529f\u80fd\u7684\u6570\u636e\u5b58\u50a8\u7ba1\u7406\u8f6f\u4ef6\u3002Storage Profiler\u662f\u4e00\u5957\u6570\u636e\u5b58\u50a8\u5206\u6790\u8f6f\u4ef6\u3002Backup Profiler\u662f\u4e00\u5957\u6570\u636e\u5907\u4efd\u5206\u6790\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eSolarWinds\u4ea7\u54c1\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9loginName\u5b57\u6bb5\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684SQL\u547d\u4ee4\u3002",
  "discovererName": "r@b13$ of Digital Defense",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-01379",
  "openTime": "2018-01-19",
  "patchDescription": "SolarWinds Storage Manager\u3001SolarWinds Storage Profiler\u548cSolarWinds Backup Profiler\u90fd\u662f\u7f8e\u56fdSolarWinds\u516c\u53f8\u7684\u4ea7\u54c1\u3002SolarWinds Storage Manager\u662f\u4e00\u5957\u57fa\u4e8eWeb\u4e14\u6574\u5408\u4e86\u5b58\u50a8\u76d1\u63a7\u3001\u62a5\u8868\u3001\u62a5\u8b66\u548c\u9884\u6d4b\u5206\u6790\u7b49\u529f\u80fd\u7684\u6570\u636e\u5b58\u50a8\u7ba1\u7406\u8f6f\u4ef6\u3002Storage Profiler\u662f\u4e00\u5957\u6570\u636e\u5b58\u50a8\u5206\u6790\u8f6f\u4ef6\u3002Backup Profiler\u662f\u4e00\u5957\u6570\u636e\u5907\u4efd\u5206\u6790\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eSolarWinds\u4ea7\u54c1\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9loginName\u5b57\u6bb5\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684SQL\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSolarWinds\u4ea7\u54c1SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SolarWinds Storage Manager Server 5.1.2",
      "Solarwinds Storage Manager Server 5.1"
    ]
  },
  "referenceLink": "http://www.exploit-db.com/exploits/18818\r\nhttp://www.securityfocus.com/bid/51639",
  "serverity": "\u9ad8",
  "submitTime": "2017-12-22",
  "title": "\u591a\u6b3eSolarWinds\u4ea7\u54c1SQL\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2012-2576 (GCVE-0-2012-2576)

Vulnerability from cvelistv5 – Published: 2017-12-20 21:00 – Updated: 2024-08-06 19:34

Summary

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.solarwinds.com/documentation/storage/s…	x_refsource_CONFIRM
	http://www.exploit-db.com/exploits/18818	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/51639	vdb-entryx_refsource_BID
	http://www.exploit-db.com/exploits/18833	exploitx_refsource_EXPLOIT-DB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:25.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "solarwnds-loginservlet-sql-injection(72680)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72680"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm"
          },
          {
            "name": "18818",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18818"
          },
          {
            "name": "51639",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51639"
          },
          {
            "name": "18833",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18833"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-20T20:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "solarwnds-loginservlet-sql-injection(72680)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72680"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm"
        },
        {
          "name": "18818",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18818"
        },
        {
          "name": "51639",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51639"
        },
        {
          "name": "18833",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18833"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2012-2576",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "solarwnds-loginservlet-sql-injection(72680)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72680"
            },
            {
              "name": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm",
              "refsource": "CONFIRM",
              "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm"
            },
            {
              "name": "18818",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18818"
            },
            {
              "name": "51639",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/51639"
            },
            {
              "name": "18833",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18833"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2012-2576",
    "datePublished": "2017-12-20T21:00:00",
    "dateReserved": "2012-05-09T00:00:00",
    "dateUpdated": "2024-08-06T19:34:25.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-01379

CVE-2012-2576 (GCVE-0-2012-2576)

Tags

Sightings

Nomenclature