ImportAlert Improper Access Control Tampering Vulnerability
CVE-2021-35221

6.3MEDIUM

Key Information:

Vendor: Solarwinds
Status: Orion Platform
Vendor: CVE Published:; 31 August 2021

Summary

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

Affected Version(s)

Orion Platform Windows 2020.2.6 and previous versions <= 2020.2.6 HF1

References

https://documentation.solarwinds.com/en/success_center/or...

x_refsource_MISC

https://support.solarwinds.com/SuccessCenter/s/article/Or...

x_refsource_MISC

https://www.solarwinds.com/trust-center/security-advisori...

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2021
Vulnerability Reserved
Jun 22, 2021

Credit

SolarWinds would like to thank Alex Birnberg of Zymo Security and FireEye for reporting on the issue in a responsible manner.