BizTalk.rawdocdata.ASP.SQL.Injection
Description
It indicates a SQL Injection vulnerability in Microsoft BizTalk server via the rawdocdata.asp script.
There exists a SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002. Due to insufficient user input sanitization, a remote attacker can execute operating system commands on a target system by sending it a specially-crafted request.
Affected Products
Any unprotected Microsoft BizTalk 2000 or 2002 is vulnerable to the attack.
Impact
Attackers can modify database query logic, execute commands or compromise the database.
Recommended Actions
Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |