CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-35244

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.083

EPSS Ranking 91.8%

CVSS Severity

CVSS v3 Score 6.8

CVSS v2 Score 8.5

References

Products affected by CVE-2021-35244

Solarwinds » Orion Platform » Version: 2016.1

cpe:2.3:a:solarwinds:orion_platform:2016.1
Solarwinds » Orion Platform » Version: 2016.2

cpe:2.3:a:solarwinds:orion_platform:2016.2
Solarwinds » Orion Platform » Version: 2017.1

cpe:2.3:a:solarwinds:orion_platform:2017.1
Solarwinds » Orion Platform » Version: 2017.3

cpe:2.3:a:solarwinds:orion_platform:2017.3
Solarwinds » Orion Platform » Version: 2018.2

cpe:2.3:a:solarwinds:orion_platform:2018.2
Solarwinds » Orion Platform » Version: 2018.4

cpe:2.3:a:solarwinds:orion_platform:2018.4
Solarwinds » Orion Platform » Version: 2019.2

cpe:2.3:a:solarwinds:orion_platform:2019.2
Solarwinds » Orion Platform » Version: 2019.4

cpe:2.3:a:solarwinds:orion_platform:2019.4
Solarwinds » Orion Platform » Version: 2019.4.2

cpe:2.3:a:solarwinds:orion_platform:2019.4.2
Solarwinds » Orion Platform » Version: 2020.2

cpe:2.3:a:solarwinds:orion_platform:2020.2
Solarwinds » Orion Platform » Version: 2020.2.1

cpe:2.3:a:solarwinds:orion_platform:2020.2.1
Solarwinds » Orion Platform » Version: 2020.2.4

cpe:2.3:a:solarwinds:orion_platform:2020.2.4
Solarwinds » Orion Platform » Version: 2020.2.5

cpe:2.3:a:solarwinds:orion_platform:2020.2.5
Solarwinds » Orion Platform » Version: 2020.2.6

cpe:2.3:a:solarwinds:orion_platform:2020.2.6
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-35244

Products

Pricing

Contact Us