Multiple SQL injections in core Orion service affecting many Solarwinds products (CVE-2014-9566)

Posted by Brandon Perry on Mar 03

I found a couple SQL injection vulnerabilities in the core Orion service
used in most of the Solarwinds products (SAM, IPAM, NPM, NCM, etc…). This
service provides a consistent configuration and authentication layer across
the products.

To be exact, the vulnerable applications and versions are:

Network Performance Monitor — < 11.5
NetFlow Traffic Analyzer — < 4.1
Network Configuration Manager — < 7.3.2
IP Address Manager — <…
