Exposed Dangerous Functions - Privileged Escalation
(CVE-2021-35234)
Summary
Numerous exposed dangerous functions within Orion Core allow read-only SQL injection, leading to privilege escalation. An attacker with low user privileges may steal password hashes and password salt information.
Affected Products
- Orion Platform 2020.2.6 HF2 and earlier
Fixed Software Release
- Orion Platform 2020.2.6 HF3
Acknowledgments
- Trend Micro, Zero Day Initiative
Advisory Details
Severity
8.0 High
Advisory ID
First Published
12/20/2021
Fixed Version
Orion Platform 2020.2.6 HF3