CVE-2021-25275
First published: Wed Feb 03 2021(Updated: )
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SolarWinds Orion Platform | <2020.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the SolarWinds Orion Platform?
The vulnerability ID for the SolarWinds Orion Platform is CVE-2021-25275.
What is the severity level of CVE-2021-25275?
The severity of CVE-2021-25275 is high with a CVSS score of 7.8.
How does CVE-2021-25275 affect SolarWinds products?
CVE-2021-25275 affects various SolarWinds products that use the Orion Platform before version 2020.2.4.
What is the CWE ID for CVE-2021-25275?
The CWE ID for CVE-2021-25275 is 798.
Is there a fix available for CVE-2021-25275?
Yes, installing SolarWinds Orion Platform version 2020.2.4 or later will fix CVE-2021-25275.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/solarwinds
- canonical/solarwinds orion platform