Lucene search

SolarWindsCVELIST:CVE-2021-35220

HistoryAug 31, 2021 - 11:03 a.m.

CVE-2021-35220 EmailWebPage Command Injection RCE

2021-08-3111:03:45

SolarWinds

www.cve.org

8.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "Orion Platform",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThanOrEqual": "2020.2.6 HF1 ",
        "status": "affected",
        "version": "2020.2.6 and previous versions ",
        "versionType": "custom"
      }
    ]
  }
]

References

documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm

support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-EmailWebPage-Command-Injection-RCE-CVE-2021-35220?language=en_US

support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US

www.solarwinds.com/trust-center/security-advisories/cve-2021-35220

8.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for CVELIST:CVE-2021-35220