Unrated severityNVD Advisory· Published Dec 20, 2021· Updated Sep 16, 2024
Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users
CVE-2021-35248
Description
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 2020.2.6 HF 2 and previous versions
Patches
Vulnerability mechanics
References
3- documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htmmitrex_refsource_MISC
- support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3mitrex_refsource_MISC
- www.solarwinds.com/trust-center/security-advisories/CVE-2021-35248mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.