vulnerability
SolarWinds Orion Platform: Orion User setting Improper Access Control Privilege Escalation Vulnerability (CVE-2021-35213)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Aug 31, 2021 | Nov 30, 2021 | Nov 30, 2021 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Aug 31, 2021
Added
Nov 30, 2021
Modified
Nov 30, 2021
Description
An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.
Solution
solarwinds-orion-platform-upgrade-2020_2_6
References
- CVE-2021-35213
- https://attackerkb.com/topics/CVE-2021-35213
- URL-https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
- URL-https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
- URL-https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35213
- URL-https://www.zerodayinitiative.com/advisories/ZDI-21-1244/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.