Exposed Dangerous Functions - Privileged Escalation (CVE-2021-35234)

Summary

Numerous exposed dangerous functions within Orion Core allow for read-only SQL injection leading to privilege escalation. An attacker with low user privileges may steal password hashes and password salt information.

Affected Products

  • Orion Platform 2020.2.6 HF2 and earlier

Fixed Software Release

  • Orion Platform 2020.2.6 HF3

Acknowledgments

  • Trend Micro, Zero Day Initiative

Advisory Details

  • Severity: High
  • Advisory ID
  • First Published: 12/20/2021
  • Fixed Version: Orion Platform 2020.2.6 HF3
  • Workarounds
  • CVSS Score