Vulnerability Description
A SQL injection privilege escalation vulnerability in the Orion Platform was reported by the ZDI Team. It is a blind Boolean SQL injection that could lead to full read/write access over the Orion database content, including the Orion certificate, for any authenticated user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SolarWinds | Orion Platform | 2019.2 |
Related Weaknesses (CWE)
References
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/cor (Vendor Advisory)
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/rel (Release Notes, Vendor Advisory)
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212 (Patch, Vendor Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-21-1243/ (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2021-35212?
CVE-2021-35212 is a vulnerability with a CVSS score of 8.9 (HIGH). A SQL injection privilege escalation vulnerability in the Orion Platform was reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion data...
How severe is CVE-2021-35212?
CVE-2021-35212 has been rated HIGH with a CVSS base score of 8.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-35212?
Check the references section above for vendor advisories and patch information. Affected products include: SolarWinds Orion Platform.