MachineName Parameter can be used to Exploit a SQL Injection Vulnerability in App Broker
Symptoms:
A SQL injection vulnerability in App Broker 2018R1 and earlier allows local users to execute arbitrary SQL commands via the MachineName parameter.
Diagnosis:
The machine name sent by the client is not validated and can be used to deliver SQL commands that are then interpreted by the database engine.
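The flaw class described in the diagnosis, next to a hardened lookup, as an added example that is not App Broker's code. Assumptions: an in-memory SQLite database stands in for the product's database, the `machines` table and all function names are hypothetical, and machine names are taken to be DNS-style host names.

```python
import re
import sqlite3

# Assumption: machine names are DNS host names (RFC 1123 labels, 253 chars max).
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_MACHINE_NAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def is_valid_machine_name(name):
    """Allow-list check: accept only strings shaped like a host name."""
    return (isinstance(name, str) and len(name) <= 253
            and _MACHINE_NAME.fullmatch(name) is not None)


def make_demo_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE machines (name TEXT PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO machines VALUES (?, ?)",
                   [("WS-0001", "alice"), ("WS-0002", "bob")])
    return db


def lookup_concatenated(db, machine_name):
    """The flawed pattern: client text becomes part of the SQL statement."""
    sql = "SELECT owner FROM machines WHERE name = '" + machine_name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, machine_name):
    """Hardened: validate first, then pass the value as a bound parameter."""
    if not is_valid_machine_name(machine_name):
        raise ValueError("rejected machine name")
    sql = "SELECT owner FROM machines WHERE name = ?"
    return [row[0] for row in db.execute(sql, (machine_name,))]


if __name__ == "__main__":
    db = make_demo_db()
    hostile = "x' OR '1'='1"  # constructed test value
    print(lookup_concatenated(db, hostile))  # every owner is returned
    print(lookup_bound(db, "WS-0001"))
    try:
        lookup_bound(db, hostile)
    except ValueError as exc:
        print(exc)
```

Validation and parameter binding are independent controls: the allow-list rejects malformed names at the boundary, and binding keeps any value that does reach the query from being parsed as SQL.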
Steps to Reproduce:
Steps to reproduce are not available at this time, as this issue was discovered through a vulnerability scan of App Broker.
Resolution:
This issue has been resolved in App Broker 2019 R1. Please download the latest version of App Broker 2019 R1 from the PLC download area.
Additional Information:
This issue has been tracked under issue number IOJ-1908386.
For release notes and resolved issues in App Broker 2019 R1, please visit:
https://helpnet.flexerasoftware.com/appportal/rn2019r1/AppPortalAppBroker2019r1ReleaseNotes.htm#reso...
Related Documents:
Secunia Research at Flexera has issued an advisory SA88121.
A copy of the advisory is attached to this article.