Vulnerability Description
An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Orion Platform | <= 2020.2.5 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/corVendor Advisory
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/relRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35213Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-1244/Third Party AdvisoryVDB Entry
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/corVendor Advisory
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/relRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35213Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-1244/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2021-35213?
CVE-2021-35213 is a vulnerability with a CVSS score of 8.9 (HIGH). An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator u...
How severe is CVE-2021-35213?
CVE-2021-35213 has been rated HIGH with a CVSS base score of 8.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35213?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Orion Platform, Microsoft Windows.