Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveSolarWindsCVE-2021-35228
HistoryOct 21, 2021 - 6:15 p.m.

CVE-2021-35228

2021-10-2118:15:10
CWE-79
SolarWinds
web.nvd.nist.gov
23
vulnerability
input sanitization
headers
reflective xss
cve-2021-35228
nvd

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

28.7%

JSON

This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim.

Affected configurations

Nvd
Node
solarwindsdatabase_performance_analyzerMatch2021.3.7388
VendorProductVersionCPE
solarwindsdatabase_performance_analyzer2021.3.7388cpe:2.3:a:solarwinds:database_performance_analyzer:2021.3.7388:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "SolarWinds",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThan": "2021.3.7388",
        "status": "affected",
        "version": "DPA 2021.3.7388",
        "versionType": "custom"
      }
    ]
  }
]

Related

cvelist 1
prion 1
cnvd 1
nvd 1
cvelist
cvelist
CVE-2021-35228 Reflected cross site scripting affecting SolarWinds: DPA 2021.3.7388
2021-10-21 17:43:01
prion
prion
Cross site scripting
2021-10-21 18:15:00
cnvd
cnvd
SolarWinds Database Performance Analyzer Cross-Site Scripting Vulnerability
2021-10-25 00:00:00
nvd
nvd
CVE-2021-35228
2021-10-21 18:15:10

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

28.7%

JSON
Related for CVE-2021-35228
cvelist1prion1cnvd1nvd1