Lucene search

MitreCVE-2021-3109

HistoryMar 26, 2021 - 4:15 p.m.

CVE-2021-3109

2021-03-2616:15:12

mitre

web.nvd.nist.gov

cve-2021-3109

solarwinds

orion platform

custom menu item

options page

vulnerability

nvd

reverse tabnabbing

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.

Affected configurations

Nvd

Node

solarwindsorion_platformRange<2020.2.5

VendorProductVersionCPE
solarwindsorion_platform*cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
solarwinds	orion_platform	*	cpe:2.3:a:solarwinds:orion_platform::::::::

References

documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-5_release_notes.htm

support.solarwinds.com/SuccessCenter/s/

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2021-3109