Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.
"}],"value":"Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Exposed Dangerous Method or Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"49f11609-934d-4621-84e6-e02e032104d6","shortName":"SolarWinds","dateUpdated":"2023-08-03T20:30:52.441Z"},"references":[{"tags":["x_refsource_MISC"],"url":"https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3"},{"tags":["x_refsource_MISC"],"url":"https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"},{"tags":["x_refsource_MISC"],"url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35234"},{"tags":["x_refsource_MISC"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1598/"},{"tags":["x_refsource_MISC"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1596/"},{"tags":["x_refsource_MISC"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1604/"},{"tags":["x_refsource_MISC"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1600/"},{"tags":["x_refsource_MISC"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1601/"},{"tags":["x_refsource_MISC"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1602/"},{"tags":["x_refsource_MISC"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1597/"},{"tags":["x_refsource_MISC"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1599/"},{"tags":["x_refsource_MISC"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1603/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The SolarWinds Development Team has created a fix for this vulnerability by revoking permission to non-admin users when running SQL Queries.
SolarWinds advises its customers to upgrade to the latest version (2020.2.6 HF3) once it becomes generally available.
"}],"value":"The SolarWinds Development Team has created a fix for this vulnerability by revoking permission to non-admin users when running SQL Queries.\n\nSolarWinds advises its customers to upgrade to the latest version (2020.2.6 HF3) once it becomes generally available."}],"source":{"defect":["CVE-2021-35234"],"discovery":"EXTERNAL"},"title":"Exposed Dangerous Functions - Privileged Escalation","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:
https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Exposed-Dangerous-Functions-Privileged-Escalation-CVE-2021-35234
"}],"value":"If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:\n\nhttps://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Exposed-Dangerous-Functions-Privileged-Escalation-CVE-2021-35234"}],"x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@solarwinds.com","DATE_PUBLIC":"2021-12-20T12:52:00.000Z","ID":"CVE-2021-35234","STATE":"PUBLIC","TITLE":"Exposed Dangerous Functions - Privileged Escalation"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Orion Core","version":{"version_data":[{"platform":"Windows","version_affected":"<","version_name":"2020.2.6 HF 2 and previous versions","version_value":"2020.2.6 HF 3"}]}}]},"vendor_name":"SolarWinds"}]}},"credit":[{"lang":"eng","value":"Trend Micro, Zero Day Initiative"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-749 Exposed Dangerous Method or Function"}]}]},"references":{"reference_data":[{"name":"https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3","refsource":"MISC","url":"https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3"},{"name":"https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm","refsource":"MISC","url":"https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"},{"name":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35234","refsource":"MISC","url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35234"},{"name":"https://www.zerodayinitiative.com/advisories/ZDI-21-1598/","refsource":"MISC","url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1598/"},{"name":"https://www.zerodayinitiative.com/advisories/ZDI-21-1596/","refsource":"MISC","url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1596/"},{"name":"https://www.zerodayinitiative.com/advisories/ZDI-21-1604/","refsource":"MISC","url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1604/"},{"name":"https://www.zerodayinitiative.com/advisories/ZDI-21-1600/","refsource":"MISC","url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1600/"},{"name":"https://www.zerodayinitiative.com/advisories/ZDI-21-1601/","refsource":"MISC","url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1601/"},{"name":"https://www.zerodayinitiative.com/advisories/ZDI-21-1602/","refsource":"MISC","url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1602/"},{"name":"https://www.zerodayinitiative.com/advisories/ZDI-21-1597/","refsource":"MISC","url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1597/"},{"name":"https://www.zerodayinitiative.com/advisories/ZDI-21-1599/","refsource":"MISC","url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1599/"},{"name":"https://www.zerodayinitiative.com/advisories/ZDI-21-1603/","refsource":"MISC","url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1603/"}]},"solution":[{"lang":"en","value":"The SolarWinds Development Team has created a fix for this vulnerability by revoking permission to non-admin users when running SQL Queries.SolarWinds advises its customers to upgrade to the latest version (2020.2.6 HF3) once it becomes generally available."}],"source":{"defect":["CVE-2021-35234"],"discovery":"EXTERNAL"},"work_around":[{"lang":"en","value":"If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Exposed-Dangerous-Functions-Privileged-Escalation-CVE-2021-35234"}]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T00:33:51.261Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35234"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1598/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1596/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1604/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1600/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1601/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1602/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1597/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1599/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1603/"}]}]},"cveMetadata":{"assignerOrgId":"49f11609-934d-4621-84e6-e02e032104d6","assignerShortName":"SolarWinds","cveId":"CVE-2021-35234","datePublished":"2021-12-20T20:08:25.522Z","dateReserved":"2021-06-22T00:00:00.000Z","dateUpdated":"2024-09-16T18:59:20.905Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}