CVE-2021-35234

Summary

Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.

Affected Software

VendorProductVersion RangeStatus
SolarWindsOrion Core2020.2.6 HF 2 and previous versions < 2020.2.6 HF 3affected

Weaknesses

  • CWE-89: CWE-89 Exposed Dangerous Method or Function

Workarounds

If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:

https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Exposed-Dangerous-Functions-Privileged-Escalation-CVE-2021-35234

ADP Enrichment

CVE Program Container

Additional References

References