CVE-2021-31586

8.8 HIGH

📋 TL;DR

This vulnerability allows authenticated users to perform SQL injection via the LDAP group search functionality in Accellion Kiteworks. An attacker with a valid account can execute arbitrary SQL statements against the application database, potentially reading, modifying, or deleting its contents. Organizations running vulnerable versions of Kiteworks are affected.

💻 Affected Systems

Products:
  • Accellion Kiteworks
Versions: All versions before 7.4.0
Operating Systems: Linux (typical deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access; LDAP integration may increase attack surface

📦 What is this software?

Accellion Kiteworks is a secure file sharing and collaboration platform. It is commonly deployed as an internet-facing service and integrates with LDAP directories for user and group lookups; that LDAP group search path is the component affected by this issue.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data exfiltration, privilege escalation, or system takeover via an SQL injection to RCE chain

🟠 Likely Case: Unauthorized data access, privilege escalation, or data manipulation within the Kiteworks application

🟢 If Mitigated: Limited impact due to network segmentation, database permission restrictions, and monitoring

🌐 Internet-Facing: HIGH - Kiteworks is often deployed as internet-facing file sharing/collaboration platform
🏢 Internal Only: MEDIUM - Still significant risk from insider threats or compromised accounts

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection via authenticated LDAP group search; exploit details available in public repositories

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.4.0 and later

Vendor Advisory: https://github.com/accellion/CVEs/blob/main/CVE-2021-31586.txt

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Download Kiteworks 7.4.0 or later from the Accellion support portal.
3. Follow the vendor upgrade documentation.
4. Restart the Kiteworks services.
5. Verify functionality.

🔧 Temporary Workarounds

Disable LDAP Group Search (platform: linux)

Temporarily disable the LDAP group search functionality if it is not essential: modify the Kiteworks configuration to remove the LDAP group search settings.

Network Segmentation (platform: all)

Restrict database access from application servers: configure firewall rules to limit database connections to specific IPs and ports.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries at application layer
  • Deploy WAF with SQL injection protection rules and monitor for attack patterns

🔍 How to Verify

Check if Vulnerable:

Check Kiteworks version via admin interface or configuration files; versions below 7.4.0 are vulnerable

Check Version:

Check /opt/kiteworks/version.txt or admin interface version display

Verify Fix Applied:

Confirm version is 7.4.0 or higher and test LDAP group search functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed LDAP group search attempts
  • Suspicious user activity patterns

Network Indicators:

  • Unusual database connection patterns from application servers
  • SQL error messages in HTTP responses

SIEM Query:

source="kiteworks" AND ("sql" OR "ldap" OR "group search") AND (error OR failed OR exception)
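The SIEM query above is a broad keyword match. The script below is an added example, not part of this advisory or of Kiteworks itself, showing how two of the listed log indicators can be checked programmatically: database error strings appearing in log lines tied to LDAP group searches, and a burst of failed group searches from one user inside a short window. The log line format, the field names (`user=`, `action=`, `status=`, `detail=`) and every sample entry are constructed for illustration; the regexes must be adapted to the real log schema before use.

```python
"""Detection helper for the log indicators listed above.

Added example, not part of the original advisory or of Kiteworks itself.
The log format, field names and sample entries are constructed; adjust the
regexes to the real Kiteworks log schema.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines. Assumed format (not a documented Kiteworks format):
#   <ISO-8601 timestamp> <component> user=<name> action=<action> status=<ok|failed> [detail="..."]
SAMPLE_LOGS = """\
2021-06-01T10:00:01 web user=alice action=ldap_group_search status=failed detail="group filter rejected"
2021-06-01T10:00:05 web user=alice action=ldap_group_search status=failed detail="You have an error in your SQL syntax; check the manual"
2021-06-01T10:00:09 web user=alice action=ldap_group_search status=failed detail="group filter rejected"
2021-06-01T10:00:14 web user=alice action=ldap_group_search status=failed detail="group filter rejected"
2021-06-01T10:00:20 web user=alice action=ldap_group_search status=failed detail="SQLSTATE[42000]: Syntax error or access violation"
2021-06-01T10:00:27 web user=alice action=ldap_group_search status=failed detail="group filter rejected"
2021-06-01T10:02:00 web user=bob action=login status=failed detail="bad password"
2021-06-01T10:03:00 web user=carol action=ldap_group_search status=ok
2021-06-01T11:30:00 web user=dave action=ldap_group_search status=failed detail="group not found"
2021-06-01T12:30:00 web user=dave action=ldap_group_search status=failed detail="group not found"
""".splitlines()

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<component>\S+) user=(?P<user>\S+) '
    r'action=(?P<action>\S+) status=(?P<status>\S+)'
    r'(?: detail="(?P<detail>[^"]*)")?$'
)

# Database error strings that should never surface in an application log line
# for a user-driven LDAP group search; seeing them suggests user input reached
# the SQL layer unsanitised (the "SQL error messages" indicator above).
SQL_ERROR_RE = re.compile(
    r"SQLSTATE\[|You have an error in your SQL syntax|"
    r"unterminated quoted string|ORA-\d{5}|syntax error at or near",
    re.IGNORECASE,
)


def parse_line(line):
    """Return a dict of fields, or None if the line does not match the assumed format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    return fields


def find_sql_errors(lines):
    """Lines whose detail field carries a database error message: (timestamp, user, detail)."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["detail"] and SQL_ERROR_RE.search(rec["detail"]):
            hits.append((rec["ts"], rec["user"], rec["detail"]))
    return hits


def find_failed_group_search_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Users with at least `threshold` failed LDAP group searches inside one sliding window.

    Returns {user: peak_count_in_window}. Two failures an hour apart (dave) do
    not trigger; six within half a minute (alice) do.
    """
    recent = defaultdict(deque)   # user -> timestamps of failures still inside the window
    peak = defaultdict(int)
    records = [r for r in map(parse_line, lines) if r]
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["action"] != "ldap_group_search" or rec["status"] != "failed":
            continue
        q = recent[rec["user"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        peak[rec["user"]] = max(peak[rec["user"]], len(q))
    return {u: n for u, n in peak.items() if n >= threshold}


def triage(lines):
    """Combine both indicators into one report keyed by user."""
    report = defaultdict(lambda: {"sql_errors": 0, "failed_group_searches": 0})
    for _, user, _ in find_sql_errors(lines):
        report[user]["sql_errors"] += 1
    for user, n in find_failed_group_search_bursts(lines).items():
        report[user]["failed_group_searches"] = n
    return dict(report)


if __name__ == "__main__":
    for user, facts in triage(SAMPLE_LOGS).items():
        print(f"{user}: {facts}")
```

The burst check uses a per-user sliding window rather than a fixed hourly bucket, so a run of failures that straddles a bucket boundary is still counted; the threshold and window are parameters because normal LDAP failure rates differ widely between deployments and should be tuned against a baseline before alerting.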
