CVE-2020-9318
Affected product/versions: Red Gate SQL Monitor 9.0.13 through 9.2.14. Vulnerability: Administrative users can perform a SQL injection by configuring the SNMP alert settings in the UI. Root cause (as stated): Not explicitly detailed beyond the injection via UI settings. Impact (as stated): SQL in...
CVE-2015-9098
CVE-2015-9098 affects Redgate SQL Monitor versions prior to 3.10 and 4.x prior to 4.2. A remote unauthenticated attacker can gain access to the Base Monitor and execute arbitrary SQL commands on any monitored Microsoft SQL Server machines; if the Base Monitor connects using an account with SQL ad...
CVE-2022-47542
Red Gate SQL Monitor versions 11.0.14 through 12.1.46 are affected by Incorrect Access Control, enabling remote escalation of privileges. The CVE entry consistently cites this issue as a remote privilege-escalation vulnerability, with no exploitation details provided in the documents. Affected pr...
CVE-2022-47870
CVE-2022-47870 is a documented XSS in Redgate SQL Monitor 12.1.31.893, affecting the web SQL Monitor login page via the returnUrl parameter. The vulnerability can enable arbitrary script/HTML injection on the client side and, per exploit descriptions, may lead to session cookie disclosure and acc...
CVE-2020-15526
CVE-2020-15526 affects Redgate SQL Monitor versions 7.1.4 through 10.1.6, where the scope for disabling TLS certificate checks could extend beyond the intended Configuration > Notifications, also affecting VMware monitoring. This allows potential man-in-the-middle attacks when sending alert no...