3 matches found
CVE-2021-35248
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings...
CVE-2021-35248 Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings...
CVE-2021-35248
SolarWinds Orion contains an issue where any authenticated user (including low-privilege or guest accounts) can query Orion.UserSettings and enumerate users and their basic settings. NVD notes impact to confidentiality (partial) with network-accessible exposure; CVSS vectors indicate low attack c...