Lucene search

SolarWindsCVELIST:CVE-2021-35221

HistoryAug 31, 2021 - 12:13 p.m.

CVE-2021-35221 ImportAlert Improper Access Control Tampering Vulnerability

2021-08-3112:13:04

CWE-284

SolarWinds

www.cve.org

access control

tampering

importalert

remote code execution

CVSS3

6.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

58.5%

JSON

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "Orion Platform",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThanOrEqual": "2020.2.6 HF1 ",
        "status": "affected",
        "version": "2020.2.6 and previous versions ",
        "versionType": "custom"
      }
    ]
  }
]

References

documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm

support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-ImportAlert-Improper-Access-Control-Tampering-Vulnerability-CVE-2021-35221?language=en_US

support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US

www.solarwinds.com/trust-center/security-advisories/cve-2021-35221

CVSS3

6.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

58.5%

JSON

Related for CVELIST:CVE-2021-35221