SQL Injection in Solarwinds Orion_ip_address_manager
CVE-2014-9566
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) befo…
Vulnerability class: SQL Injection
EPSS: 0.775 (99.0th percentile)
Affected products
- Solarwinds Orion_ip_address_manager
- Solarwinds Orion_netflow_traffic_analyzer
- Solarwinds Orion_network_configuration_manager
- Solarwinds Orion_network_performance_monitor
- Solarwinds Orion_server_and_application_manager
- Solarwinds Orion_user_device_tracker
- Solarwinds Orion_voip_&_network_quality_manager
- Solarwinds Orion_web_performance_monitor
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_MISC)
- 36262 (Exploit, exploit, x_refsource_EXPLOIT-DB)
- 118746 (x_refsource_OSVDB, vdb-entry)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 20150303 Multiple SQL injections in core Orion service affecting many Solarwinds products (CVE-2014-9566) (mailing-list, Exploit, x_refsource_FULLDISC)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2014-9566?
- CVE-2014-9566 is a vulnerability in Solarwinds Orion_ip_address_manager, classified under SQL Injection. Published 2015-03-10.
- Is CVE-2014-9566 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.