CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-27258

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0970%
EPSS Percentile0.78th
Published2021年4月14日
Last Modified2024年11月21日

Vulnerability Description

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate privileges their privileges from Guest to Administrator. Was ZDI-CAN-11903.

Affected Platforms (CPE)

📦
Solarwinds

Orion Platform

= 2020.2

References & Advisories

🔗 https://www.zerodayinitiative.com/advisories/ZDI-21-192/
🔗 https://www.zerodayinitiative.com/advisories/ZDI-21-192/

関連する脆弱性情報

CVE-2020-101489.8

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. Thi...

CVE-2021-252749.8

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions...

CVE-2019-95469.8

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

CVE-2020-131699.0

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This...