CVE-2021-35244 MEDIUM

CVE-2021-35244: Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6

Vendor SolarWinds
Product Orion Platform
Published December 20, 2021
Last update September 16, 2024

CVSS base score

6.8/10
Attack vector Adjacent
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

What the vulnerability does

01 Description

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload, leading to remote code execution.

Key dates

02 Disclosure timeline

December 20, 2021 CVE published
September 16, 2024 Record updated