BizTalk.rawdocdata.ASP.SQL.Injection

description-logoDescription

It indicates a SQL Injection vulnerability in Microsoft BizTalk server via the rawdocdata.asp script.


There exists a SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002. Due to insufficient user input sanitization, a remote attacker can execute operating system commands on a target system by sending it a specially-crafted request.

affected-products-logoAffected Products

Any unprotected Microsoft BizTalk 2000 or 2002 is vulnerable to the attack.

Impact logoImpact

Attackers can modify database query logic, execute commands or compromise the database.

recomended-action-logoRecommended Actions

Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-11 16.978