
CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Hard-coded credentials were discovered in the SolarWinds Web Help Desk product. Using these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal users' password hashes or insert arbitrary data into the database.
• https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232 • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL, while the DELETE method requests that the origin server remove the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
• https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243 • CWE-749: Exposed Dangerous Method or Function •

CVSS: 8.8 | EPSS: 3% | CPEs: 4 | EXPL: 0

Numerous exposed dangerous functions within Orion Core allow read-only SQL injection leading to privilege escalation. An attacker with low user privileges may steal password hashes and password salt information. This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SendSyslog class.
• https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3 https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35234 https://www.zerodayinitiative.com/advisories/ZDI-21-1596 https://www.zerodayinitiative.com/advisories/ZDI-21-1597 https://www.zerodayinitiative.com/advisories/ZDI-21-1598 https://www.zerodayinitiative.com/advisories/ZDI-21-1599 https://www.ze • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload, resulting in remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of alert creation.
• https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242 https://www.zerodayinitiative.com/advisories/ZDI-22-375 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

It has been reported that any Orion user, e.g. a guest account, can query the Orion.UserSettings entity and enumerate users and their basic settings.
• https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3 https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35248 • CWE-732: Incorrect Permission Assignment for Critical Resource •