Vulnerability in Solarwinds Orion Platform
CVE-2021-35220
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
EPSS: 0.009 (75.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N.
Affected products
- Solarwinds Orion Platform — versions 2020.2.6 and previous versions
References
- support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1 (x_refsource_MISC)
- www.solarwinds.com/trust-center/security-advisories/cve-2021-35220 (x_refsource_MISC)
- support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-EmailWebPage-Comman… (x_refsource_MISC)
- documentation.solarwinds.com/en/success_center/orionplatform/content/release_no… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-35220?
- CVE-2021-35220 is a high-severity vulnerability in Solarwinds Orion Platform. CVSS score: 8.1/10. Published 2021-08-31.
- How severe is CVE-2021-35220?
- High severity. CVSS v3 base score is 8.1 out of 10.