Vulnerability Description
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Orion Platform | < 2020.2.6 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/corVendor Advisory
- https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-HRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242Not ApplicableVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-22-375/Third Party AdvisoryVDB Entry
- https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/corVendor Advisory
- https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-HRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242Not ApplicableVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-22-375/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2021-35244?
CVE-2021-35244 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could ...
How severe is CVE-2021-35244?
CVE-2021-35244 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35244?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Orion Platform, Microsoft Windows.