Unrated severityNVD Advisory· Published Dec 20, 2021· Updated Sep 16, 2024

Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6

CVE-2021-35244

Description

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.

Affected products

SolarWinds/Orion Platformcpe-rescue
Range: 2020.2.6 HF 2 and previous versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htmmitrex_refsource_MISC
support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3mitrex_refsource_MISC
www.solarwinds.com/trust-center/security-advisories/cve-2021-35242mitrex_refsource_MISC
www.zerodayinitiative.com/advisories/ZDI-22-375/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.019
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000