Progress Flowmon ADS SQL Injection Vulnerability Allowing Privilege Escalation
Vulnerability
In Progress Flowmon ADS, an SQL injection vulnerability has been identified in versions prior to 12.5.4 and 13.0.1. This vulnerability allows authenticated users to execute unintended SQL queries and commands, potentially leading to unauthorized privilege escalation and compromising the integrity and confidentiality of the affected Flowmon appliance.
Impact
Exploitation of this vulnerability could allow an authenticated user to perform unauthorized SQL operations, potentially escalating privileges and compromising the integrity and confidentiality of the Flowmon appliance.
Remediation
Users are advised to upgrade to Flowmon ADS version 12.5.4 or 13.0.1. Upgrade packages are available through the Progress Community. Note that upgrading to a patched release using the full installer is the only way to address this vulnerability, and the upgrade will cause a temporary outage of the system.
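To find which appliances still need the upgrade, the version boundaries above can be applied to an inventory export. The following is an added example, not code from Progress or from this advisory. The hostnames and version strings are constructed, and the handling of branches other than 12.x and 13.x is an assumption.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {12: (12, 5, 4), 13: (13, 0, 1)}

def parse_version(text):
    """Return (major, minor, patch) from '12.5.3', 'v13.0' or '13.0.1-x', else None."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+ ].*)?\s*", text)
    if not m:
        return None
    # A missing patch component is treated as 0.
    return tuple(int(g or 0) for g in m.groups())

def classify(version_text):
    """Return 'patched', 'affected' or 'unknown' for one reported ADS version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unparseable: check the appliance by hand
    major = v[0]
    if major in FIXED:
        return "patched" if v >= FIXED[major] else "affected"
    # Assumption: branches older than 12 are "prior to 12.5.4" and count as
    # affected; branches newer than 13 are not prior to either fixed release.
    return "affected" if major < min(FIXED) else "patched"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ads-01.example.internal", "12.5.3"),
    ("ads-02.example.internal", "12.5.4"),
    ("ads-03.example.internal", "13.0.0"),
    ("ads-04.example.internal", "v13.0.1-build2"),
    ("ads-05.example.internal", "12.4"),
    ("ads-06.example.internal", "n/a"),
]

def triage(inventory):
    """Group hosts by status so affected and unknown appliances are handled first."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, version in inventory:
        result[classify(version)].append(host)
    return result

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```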
