CVE-2021-35234

Name of the Vulnerable Software and Affected Versions: SolarWinds Network Performance Monitor (affected versions not specified)

Description: The issue involves numerous exposed dangerous functions within Orion Core, allowing for read-only SQL injection and leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information. The vulnerability affects various functions, including SendHttpRequest, WriteToEventLog, SendSyslog, Email, CustomProperty, CustomStatus, SnmpTrap, PlaySound, and TextToSpeech.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.