Tenable scan reports vulnerability that the remote host is vulnerable to SQL injection for NSX Managers

Article ID: 406071

Products

VMware NSX

Issue/Introduction

This is a sample report from a vulnerability scan conducted against the NSX Manager.

Threat reported:
The scanner was able to send specially crafted input to one or more endpoints and parameters on the remote host that resulted in an injection into a SQL query, allowing arbitrary SQL statements to be executed on the remote host.

Using the GET method, Nessus found that:

The following resources may be vulnerable to blind SQL injection: 'j_password' parameter of the /j_spring_security_check

Environment

VMware NSX

Resolution

NSX Managers do not utilize SQL as a backing database for user logins and are therefore not vulnerable to this Tenable scan finding.