CVE-2016-4350

Name of the Vulnerable Software and Affected Versions SolarWinds Storage Resource Monitor (SRM) Profiler versions prior to 6.2.3

Description The issue concerns multiple SQL injection vulnerabilities in the Web Services web server. These vulnerabilities allow remote attackers to execute arbitrary SQL commands via various parameters in different servlets, including ScriptSchedule in the ScriptServlet servlet, winEventId or winEventLog in the WindowsEventLogsServlet servlet, processOS in the ProcessesServlet servlet, and others. This can lead to unauthorized access and manipulation of data.

Recommendations For versions prior to 6.2.3, update to version 6.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable servlets until a patch is applied. Avoid using the specified parameters in the affected API endpoints until the issue is resolved. Restrict access to the vulnerable modules to minimize the risk of exploitation.