8.5
CVE-2021-35244
- EPSS 19.11%
- Published 20.12.2021 21:15:08
- Last modified 21.11.2024 06:12:08
- Source psirt@solarwinds.com
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
Data provided by the National Vulnerability Database (NVD)
Solarwinds ≫ Orion Platform Version < 2020.2.6
Solarwinds ≫ Orion Platform Version 2020.2.6 Update -
Solarwinds ≫ Orion Platform Version 2020.2.6 Update hotfix1
Solarwinds ≫ Orion Platform Version 2020.2.6 Update hotfix2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 19.11% | 0.951 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 8.5 | 6.8 | 10 | AV:N/AC:M/Au:S/C:C/I:C/A:C |
| psirt@solarwinds.com | 6.8 | 1 | 5.3 | CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L |
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.