CVE-2020-9318 : Security Advisory and Response

Learn about CVE-2020-9318, a SQL injection vulnerability in Red Gate SQL Monitor 9.0.13 through 9.2.14 that allows an administrative user to execute malicious SQL commands through the SNMP alert settings, and find out how to mitigate the risk and prevent such attacks.

Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15.

Understanding CVE-2020-9318

Red Gate SQL Monitor 9.0.13 through 9.2.14 is vulnerable to a SQL injection attack.

What is CVE-2020-9318?

CVE-2020-9318 is a vulnerability in Red Gate SQL Monitor versions 9.0.13 through 9.2.14 that enables an administrative user to execute a SQL injection attack through the SNMP alert settings in the user interface.

The Impact of CVE-2020-9318

The vulnerability allows an administrative user to manipulate SQL queries, potentially leading to data leakage, data corruption, or unauthorized access to the database.

Technical Details of CVE-2020-9318

Red Gate SQL Monitor 9.0.13 through 9.2.14 is susceptible to SQL injection attacks.

Vulnerability Description

An administrative user can exploit the vulnerability by configuring the SNMP alert settings in the UI, allowing them to inject malicious SQL code.

Affected Systems and Versions

        Red Gate SQL Monitor versions 9.0.13 through 9.2.14

Exploitation Mechanism

The vulnerability can be exploited by an administrative user manipulating the SNMP alert settings to inject SQL commands.

Mitigation and Prevention

To address CVE-2020-9318, follow these steps:

Immediate Steps to Take

        Update Red Gate SQL Monitor to version 9.2.15, where the vulnerability is fixed.
        Restrict access to the SNMP alert settings to authorized users only.

Long-Term Security Practices

        Regularly monitor and audit SQL queries for any unusual activity.
        Educate users on SQL injection risks and best practices to prevent such attacks.

Patching and Updates

        Apply patches and updates provided by Red Gate to ensure the security of the SQL Monitor software.
