Skip to main content

Orion Platform CVE-2021-35221

HIGH
Improper Access Control (CWE-284)
2021-08-31 psirt@solarwinds.com
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 31, 2021 - 13:15 nvd
HIGH 8.1

DescriptionNVD

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

AnalysisAI

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-284. Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. Affected products include: Solarwinds Orion Platform.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-38108 HIGH POC
7.2 Oct 20

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulne

CVE-2021-25274 CRITICAL POC
9.8 Feb 03

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set p

CVE-2021-25275 HIGH POC
7.8 Feb 03

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backen

CVE-2021-27258 CRITICAL
9.8 Apr 14

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion

CVE-2019-9546 CRITICAL
9.8 Mar 01

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. Rated critica

CVE-2021-35222 CRITICAL
9.6 Aug 31

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Executio

CVE-2020-13169 CRITICAL
9.0 Sep 17

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and p

CVE-2022-36964 HIGH
8.8 Nov 29

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulne

CVE-2022-36960 HIGH
8.8 Nov 29

SolarWinds Platform was susceptible to Improper Input Validation. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2022-36958 HIGH
8.8 Oct 20

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulne

CVE-2022-36961 HIGH
8.8 Sep 30

A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this

CVE-2021-35234 HIGH
8.8 Dec 20

Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged esca

Share

CVE-2021-35221 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy