N/A

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.

N/A

N/A

Solarwinds Orion Platform 信任管理问题漏洞

Solarwinds Orion Platform是美国Solarwinds公司的一套网络故障和网络性能管理平台。该平台可对网络设备提供实时监测和分析，并支持定制网页介面、多种用户意见和对整个网络进行地图式浏览等。 SolarWinds Orion Platform before 2020.2. 存在信任管理问题漏洞，任何能够访问文件系统的用户都可以从该文件读取数据库登录详细信息，包括登录名及其关联的密码。

N/A

N/A