Trust Center Index Page SolarWinds Trust Center Security Advisories | CVE-2021-35234
Exposed Dangerous Functions - Privileged Escalation (CVE-2021-35234)

Summary

Numerous exposed dangerous functions within Orion Core allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.

Affected Products

  • Orion Platform 2020.2.6 HF2 and earlier

Fixed Software Release

  • Orion Platform 2020.2.6 HF3

Acknowledgments

  • Trend Micro, Zero Day Initiative

Advisory Details

Severity

8.0 High

Advisory ID

CVE-2021-35234

First Published

12/20/2021

Fixed Version

Orion Platform 2020.2.6 HF3

Workarounds

Public KB

{{STATIC CONTENT}}
{{CAPTION_TITLE}}

{{CAPTION_CONTENT}}

{{TITLE}}