Lucene search

SolarWindsCVELIST:CVE-2021-35219

HistoryAug 31, 2021 - 11:01 a.m.

CVE-2021-35219 ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability

2021-08-3111:01:50

SolarWinds

www.cve.org

cve-2021-35219

exporttopdfcmd

information disclosure

importalert

alerts settings page

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

43.5%

JSON

ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "Orion Platform",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThanOrEqual": "2020.2.6 HF1 ",
        "status": "affected",
        "version": "2020.2.6 and previous versions ",
        "versionType": "custom"
      }
    ]
  }
]

References

documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm

support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-ExportToPdfCmd-Arbitrary-File-Read-Information-Disclosure-CVE-2021-35219?language=en_US

support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US

www.solarwinds.com/trust-center/security-advisories/cve-2021-35219

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

43.5%

JSON

Related for CVELIST:CVE-2021-35219