News | February 1, 2012

SolarWinds Vulnerability Disclosed By Digital Defense

Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessments, disclosed a vulnerability within the 'LoginServlet' page of the SolarWinds Storage Manager Server. This flaw could allow an attacker to extract sensitive information from the back-end database using standard SQL injection exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system. DDI immediately notified SolarWinds of the finding.

DDI's Vulnerability Research Team (VRT), utilizing data provided by DDI's cloud-based Frontline Solutions Platform (FSP), provides the analytic expertise necessary to quickly identify previously unknown vulnerabilities, commonly referred to as "Zero-Day" issues. Within recent months, DDI's VRT has released multiple vulnerability disclosures, including those within widely used platforms such as the IBM WebSphere Application Server, the KnowledgeTree Online Document Management System, and HP JetDirect Embedded Web Server.

"One of the key advantages of our cloud-based FSP platform is the wealth of information it provides to our researchers for data-mining and vulnerability analysis. Using "big data" analytics, in conjunction with our responsible disclosure policy, allows us to effectively bolster security awareness within the DDI client community and beyond," states Larry Hurtado, Digital Defense president and CEO. "In addition, our ability to rapidly embed this ongoing vulnerability intelligence into the FSP allows clients and DDI security analysts alike to rapidly identify and address issues on vulnerable platforms."

DDI will post more information regarding the issue to the DDI Labs Blog as it becomes available.

About Digital Defense
Digital Defense, Inc. (DDI) is a leading provider of security governance, risk management, and compliance (GRC) solutions. Our unique combination of managed, cloud-based services gives our clients maximum flexibility in the implementation of their security programs. We provide the insight necessary for organizations to protect their critical customer and business information while allowing them to focus on their business, rather than dedicate resources to network security. DDI clients enjoy greater visibility and management insight of their enterprise-wide GRC programs using DDI's proprietary Software as a Service (SaaS) delivery platforms and assessment tools. For more information, visit www.ddifrontline.com.

SOURCE: Digital Defense, Inc.