CVE-2021-35221

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

Summary:

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

Reference Links(if available):

https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-ImportAlert-Improper-Access-Control-Tampering-Vulnerability-CVE-2021-35221?language=en_US

https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35221

CVSS Score (if available)

v2: / HIGH

v3: /

CVE-2021-35221

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

[AKIRA] – Ransomware Victim: Find Great People1

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

[AKIRA] – Ransomware Victim: Find Great People1

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software