Lucene search
PRIOn knowledge basePRION:CVE-2021-35244HistoryDec 20, 2021 - 9:15 p.m.
Unrestricted file upload
2021-12-2021:15:00
PRIOn knowledge base
www.prio-n.com
6
0.003 Low
EPSS
Percentile
71.6%
The “Log alert to a file” action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| orion_platform | lt | 2020.2.6 | |
| orion_platform | eq | 2020.2.6 hotfix1 | |
| orion_platform | eq | 2020.2.6 hotfix2 | |
| orion_platform | eq | 2020.2.6 |
References
documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm
support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US
www.solarwinds.com/trust-center/security-advisories/cve-2021-35242
www.zerodayinitiative.com/advisories/ZDI-22-375/
Related
zdi
zdi
cve
cve
CVE-2021-35244
2021-12-20 21:15:08
cvelist
cvelist
nvd
nvd
CVE-2021-35244
2021-12-20 21:15:08