CVE-2021-35225

Опубликовано: 21 окт. 2021

Источник: nvd

CVSS3: 5

CVSS3: 6.4

CVSS2: 5.5

EPSS Низкий

Описание

Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination.

Ссылки

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/article/NPM-2020-2-6-Hotfix-2?language=en_US
Release Notes
Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35225
Vendor Advisory
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/article/NPM-2020-2-6-Hotfix-2?language=en_US
Release Notes
Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35225
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:solarwinds:network_performance_monitor:*:*:*:*:*:*:*:*

Версия до 2020.2.6 (включая)

cpe:2.3:a:solarwinds:network_performance_monitor:2020.2.6:hotfix1:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01106

Низкий

5 Medium

CVSS3

6.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-25w6-fx24-w953

CVSS3: 6.4

github

больше 3 лет назад

EPSS

Процентиль: 77%

0.01106

Низкий

5 Medium

CVSS3

6.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo