Medium severity6.8NVD Advisory· Published Dec 20, 2021· Updated Jun 17, 2026
CVE-2021-35244
CVE-2021-35244
Description
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 2020.2.6 HF 2 and previous versions
Patches
Vulnerability mechanics
References
4- documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htmnvdVendor Advisory
- support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3nvdRelease NotesVendor Advisory
- www.solarwinds.com/trust-center/security-advisories/cve-2021-35242nvdNot ApplicableVendor Advisory
- www.zerodayinitiative.com/advisories/ZDI-22-375/nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.