CVE-2021-35212 - OpenCVE

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Solarwinds	Orion Platform

Configuration 1 [-]

OR	cpe:2.3:a:solarwinds:orion_platform:2019.2:::::::*
	cpe:2.3:a:solarwinds:orion_platform:2019.4:::::::*
	cpe:2.3:a:solarwinds:orion_platform:2020.2.1:::::::*
	cpe:2.3:a:solarwinds:orion_platform:2020.2.4:::::::*
	cpe:2.3:a:solarwinds:orion_platform:2020.2.5:::::::*

No data.

References

Link	Providers
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212
https://www.zerodayinitiative.com/advisories/ZDI-21-1243/

History

No history.

MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published: 2021-08-31T17:00:15

Updated: 2024-08-04T00:33:51.205Z

Reserved: 2021-06-22T00:00:00

Link: CVE-2021-35212

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-31T17:15:07.910

Modified: 2021-11-05T17:45:00.953

Link: CVE-2021-35212

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Orion Platform", "vendor": "SolarWinds", "versions": [{"lessThan": "2020.2.5 HF1 ", "status": "affected", "version": "2020.2.5 and previous versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "SolarWinds would like to thank Anonymous working with Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner. "}], "descriptions": [{"lang": "en", "value": "An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Blind SQL injection Vulnerability ", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-28T11:06:15", "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"}, {"tags": ["x_refsource_MISC"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"}, {"tags": ["x_refsource_MISC"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1243/"}], "solutions": [{"lang": "en", "value": "SolarWinds has identified a fix for this vulnerability and included the fix in Orion Platform 2020.2.5 Hotfix 1 and, In addition, backported the fixes to Orion Platform 2019.4.2 and 2019.2 HF4,respectively. \n"}], "source": {"defect": ["CVE-2021-35212"], "discovery": "UNKNOWN"}, "title": "Blind SQL injection Vulnerability ", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@solarwinds.com", "ID": "CVE-2021-35212", "STATE": "PUBLIC", "TITLE": "Blind SQL injection Vulnerability "}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Orion Platform", "version": {"version_data": [{"version_affected": "<", "version_name": "2020.2.5 and previous versions", "version_value": "2020.2.5 HF1 "}]}}]}, "vendor_name": "SolarWinds"}]}}, "credit": [{"lang": "eng", "value": "SolarWinds would like to thank Anonymous working with Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner. "}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Blind SQL injection Vulnerability "}]}]}, "references": {"reference_data": [{"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm", "refsource": "MISC", "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"}, {"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm", "refsource": "MISC", "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"}, {"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212", "refsource": "MISC", "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1243/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1243/"}]}, "solution": [{"lang": "en", "value": "SolarWinds has identified a fix for this vulnerability and included the fix in Orion Platform 2020.2.5 Hotfix 1 and, In addition, backported the fixes to Orion Platform 2019.4.2 and 2019.2 HF4,respectively. \n"}], "source": {"defect": ["CVE-2021-35212"], "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:33:51.205Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1243/"}]}]}, "cveMetadata": {"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2021-35212", "datePublished": "2021-08-31T17:00:15", "dateReserved": "2021-06-22T00:00:00", "dateUpdated": "2024-08-04T00:33:51.205Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:orion_platform:2019.2:*:*:*:*:*:*:*", "matchCriteriaId": "C65EE900-7208-4A27-816B-F44A60CC7062", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:orion_platform:2019.4:*:*:*:*:*:*:*", "matchCriteriaId": "E01098F6-563A-416A-90E2-405F58E827C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:orion_platform:2020.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "774002E1-47D1-4398-A14D-41C1D6D1A1E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:orion_platform:2020.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "6C3F1C70-EA74-4EB0-BEAC-384501830550", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:orion_platform:2020.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "5FEC7902-5903-4366-9301-DD6D6CC39F6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user."}, {"lang": "es", "value": "Se ha detectado una Vulnerabilidad de Escalada de Privilegios por inyecci\u00f3n SQL en la plataforma Orion, reportada por el Equipo de ZDI. Una inyecci\u00f3n SQL booleana ciega que podr\u00eda conllevar a una lectura y escritura completa sobre el contenido de la base de datos de Orion, incluyendo el certificado de Orion, para cualquier usuario autenticado"}], "id": "CVE-2021-35212", "lastModified": "2021-11-05T17:45:00.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "psirt@solarwinds.com", "type": "Secondary"}]}, "published": "2021-08-31T17:15:07.910", "references": [{"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212"}, {"source": "psirt@solarwinds.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1243/"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}