Description of the vulnerability - "By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a very different response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database. An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system. Note that this script is experimental and may be prone to false positives."

A vulnerability scanner detects this against the Management Center device.

The vulnerability number or ID is "42424".

The generic SQL Injection warnings picked up by scanners are a false positive. This can be picked up by scanners as the Management Center correctly returns a 400 error with malformed URLs commonly used by scanners to test SQL injections.