Summary
SolarWinds Storage Manager is prone to a remote code execution vulnerability.
Impact
This may allow a remote attacker to subvert the authentication filter, upload arbitrary scripts, and use them to execute arbitrary code.
Solution
Update to 5.7.2 or higher.
Insight
SolarWinds Storage Manager contains a flaw in the AuthenticationFilter class.
Affected
Storage Manager Server before 5.7.2 is vulnerable.
Detection
Try to upload a file.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 8.5
AV:N/AC:L/Au:N/C:C/I:P/A:N