Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.
References
Configurations
Configuration 1 (hide)
|
History
03 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information. |
03 Jan 2022, 19:10
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1603/ - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1596/ - Third Party Advisory, VDB Entry | |
References | (MISC) https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3 - Vendor Advisory | |
References | (MISC) https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm - Product, Vendor Advisory | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1599/ - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1600/ - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35234 - Vendor Advisory | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1604/ - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1601/ - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1597/ - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1598/ - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1602/ - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix2:*:*:*:*:*:* cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:* cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix1:*:*:*:*:*:* cpe:2.3:a:solarwinds:orion_platform:2020.2.6:-:*:*:*:*:*:* |
|
CWE | CWE-89 | |
First Time |
Solarwinds
Solarwinds orion Platform |
23 Dec 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Dec 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-20 21:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-35234
Mitre link : CVE-2021-35234
CVE.ORG link : CVE-2021-35234
JSON object : View
Products Affected
solarwinds
- orion_platform
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')