CVE-2021-35212

Summary

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.

Affected Software

VendorProductVersion RangeStatus
SolarWindsOrion Platform2020.2.5 and previous versions < 2020.2.5 HF1affected

Weaknesses

  • Blind SQL injection Vulnerability

ADP Enrichment

CVE Program Container

Additional References

References