CVE-2021-35213 HIGH

CVE-2021-35213: Orion User setting Improper Access Control Privilege Escalation Vulnerability

Vendor Solarwinds

Product Orion Platform

Weakness CWE-284

Published August 31, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

8.9/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.

Key dates

02Disclosure timeline

August 31, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-35213 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2021-35213

CWE CWE-284

CVSS 8.9 / HIGH

Affected versions