Описание
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-35248
- https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm
- https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35248
Связанные уязвимости
CVSS3: 6.8
nvd
около 4 лет назад
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.