CVE-2021-35240

Опубликовано: 31 авг. 2021

Источник: nvd

CVSS3: 6.5

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.

Ссылки

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
Product
Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Stored-XSS-via-Help-Server-setting-CVE-2021-35240?language=en_US
Patch
Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US
Mitigation
Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35240
Vendor Advisory
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
Product
Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Stored-XSS-via-Help-Server-setting-CVE-2021-35240?language=en_US
Patch
Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US
Mitigation
Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35240
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*

Версия до 2020.2.5 (включая)

cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00459

Низкий

6.5 Medium

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-ch69-82p3-hfw4

github

больше 3 лет назад

A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.

EPSS

Процентиль: 64%

0.00459

Низкий

6.5 Medium

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79