Permissions, Privileges, and Access Controls in Orion Platform - CVE-2021-35213

 

Permissions, Privileges, and Access Controls in Orion Platform - CVE-2021-35213

Published: October 26, 2021 / Updated: October 28, 2021


Vulnerability identifier: #VU57644
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-35213
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: SolarWinds
Affected software:
Orion Platform

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the User Setting of Orion Platform within the SaveUserSetting endpoint. A remote authenticated guest can gain administrative privileges within the application.


How to mitigate CVE-2021-35213

Install updates from vendor's website.

Sources