ZDI-21-1601: SolarWinds Network Performance Monitor Email Exposed Dangerous Function Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the Email class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator.
| Affected Software | Affected Version | How to fix |
|---|---|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this alert?
The vulnerability ID for this alert is ZDI-21-1601.
What is the severity of ZDI-21-1601?
The severity of ZDI-21-1601 is high with a CVSS score of 8.8.
Which software is affected by ZDI-21-1601?
ZDI-21-1601 affects SolarWinds Network Performance Monitor.
What is the required authentication to exploit ZDI-21-1601?
Authentication is required to exploit ZDI-21-1601.
How can ZDI-21-1601 be fixed?
Patching or upgrading to a fixed version provided by SolarWinds is recommended to address ZDI-21-1601.
- agent/references
- agent/type
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-1601
- alias/ZDI-CAN-15317
- alias/CVE-2021-35234
- agent/software-canonical-lookup
- agent/title
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/solarwinds
- canonical/solarwinds network performance monitor