MachineName Parameter can be used to Exploit a SQL Injection Vulnerability in App Broker
Symptoms: A SQL injection vulnerability in App Broker 2018R1 and earlier allows local users to execute arbitrary SQL commands via the MachineName parameter. Diagnosis: The machine name sent by the client is not validated, and can be used to deliv...