CRITICAL🇬🇧 English

CVE-2021-27258

CVSS 9.8v3.1pub. 2021-04-14upd. 2024-11-21

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate privileges their privileges from Guest to Administrator. Was ZDI-CAN-11903.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Solarwinds Orion Platform

    APP
    Solarwinds
    2020.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2020-10148CRITICAL9.8⚠ KEVten sam produkt

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execu...

CVE-2021-25274CRITICAL9.8ten sam produkt

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doe...

CVE-2020-13169CRITICAL9.0ten sam produkt

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple f...

CVE-2019-9546CRITICAL9.8ten sam produkt

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

CVE-2022-36963HIGH7.2ten sam produkt

The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a re...