Lucene search
MitreCVELIST:CVE-2021-25275HistoryFeb 03, 2021 - 4:49 p.m.
CVE-2021-25275
2021-02-0316:49:08
mitre
www.cve.org
6
solarwinds
orion platform
unauthorized access
database credentials
admin access
security vulnerability
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.
Related
cve
cve
CVE-2021-25275
2021-02-03 17:15:16
nvd
nvd
CVE-2021-25275
2021-02-03 17:15:16
prion
prion
Sql injection
2021-02-03 17:15:00
rapid7blog
rapid7blog
nessus
nessus
SolarWinds Orion Platform < 2020.2.4 Multiple Vulnerabilities
2021-02-09 00:00:00
attackerkb
attackerkb
SolarWinds Orion Platform Unauthenticated RCE (CVE-2021-25274)
2021-02-03 00:00:00
threatpost
threatpost
SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover
2021-02-03 11:00:21
thn
thn
3 New Severe Security Vulnerabilities Found In SolarWinds Software
2021-02-03 11:31:00
Another Critical RCE Flaw Discovered in SolarWinds Orion Platform
2021-03-26 05:07:00
securelist
securelist
Kaspersky Security Bulletin 2020-2021. EU statistics
2021-05-26 10:00:32
IT threat evolution Q1 2021. Non-mobile statistics
2021-05-31 10:00:05