CVE-2021-35234 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8 HIGH	ADJACENT_NETWORK	HIGH	LOW	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
SolarWinds	CNA	8 HIGH	ADJACENT_NETWORK	HIGH	LOW	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Affected Products (NVD)

Vendor	Product	Version
solarwinds	orion_platform	𝑥 ≤ 2020.2.5
solarwinds	orion_platform	2020.2.6
solarwinds	orion_platform	2020.2.6:hotfix1
solarwinds	orion_platform	2020.2.6:hotfix2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm

https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35234

https://www.zerodayinitiative.com/advisories/ZDI-21-1596/

https://www.zerodayinitiative.com/advisories/ZDI-21-1597/

https://www.zerodayinitiative.com/advisories/ZDI-21-1598/

https://www.zerodayinitiative.com/advisories/ZDI-21-1599/

https://www.zerodayinitiative.com/advisories/ZDI-21-1600/

https://www.zerodayinitiative.com/advisories/ZDI-21-1601/

https://www.zerodayinitiative.com/advisories/ZDI-21-1602/

https://www.zerodayinitiative.com/advisories/ZDI-21-1603/

https://www.zerodayinitiative.com/advisories/ZDI-21-1604/

https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm

https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35234

https://www.zerodayinitiative.com/advisories/ZDI-21-1596/

https://www.zerodayinitiative.com/advisories/ZDI-21-1597/

https://www.zerodayinitiative.com/advisories/ZDI-21-1598/

https://www.zerodayinitiative.com/advisories/ZDI-21-1599/

https://www.zerodayinitiative.com/advisories/ZDI-21-1600/

https://www.zerodayinitiative.com/advisories/ZDI-21-1601/

https://www.zerodayinitiative.com/advisories/ZDI-21-1602/

https://www.zerodayinitiative.com/advisories/ZDI-21-1603/

https://www.zerodayinitiative.com/advisories/ZDI-21-1604/