SolarWinds Storage Resource Monitor Profiler Module Multiple Vulnerabilities.

SolarWinds Storage Resource Monitor is Comprehensive storage performance monitoring and alerting across all your storage arrays to ensure peak performance and avoid capacity surprises.

The specific flaw exists within processing of the XiotechMonitorServlet servlet in the SolarWinds Storage Manager Web Services web server.

Following vulnerabilities are detected.
SolarWinds Storage Resource Monitor Profiler Module BackupMetaData BexDriveUsageSummaryServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module XiotechMonitorServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module XiotechMonitorServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module XiotechMonitorServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module UserDefinedFieldConfigServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module UserDefinedFieldConfigServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module UserDefinedFieldConfigServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module NbuErrorMessageServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module HostStorageServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module QuantumMonitorServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module DuplicateFilesServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module HostStorageServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module HostStorageServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module BackupAssociationServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module BackupAssociationServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module BackupExceptionsServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module ProcessesServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module WindowsEventLogsServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module WindowsEventLogsServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module WindowsEventLogsServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module FileActionAssignmentServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module ScriptServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module ScriptServlet SQL Injection Remote Code Execution Vulnerability
SolarWinds Storage Resource Monitor Profiler Module ScriptServlet SQL Injection Remote Code Execution Vulnerability

Affected version
SolarWinds Storage Resource Monitor prior to 6.2.3

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability.

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Release Notes of this software.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Solarwinds: Windows