CVE-2021-35248

It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:orion_platform:2020.2.6:-:*:*:*:*:*:*
cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix1:*:*:*:*:*:*
cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

16 Sep 2024, 20:15

Type Values Removed Values Added
Summary (en) It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. (en) It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.

03 Aug 2023, 21:15

Type Values Removed Values Added
Summary It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.

Information

Published : 2021-12-20 21:15

Updated : 2024-09-16 20:15


NVD link : CVE-2021-35248

Mitre link : CVE-2021-35248

CVE.ORG link : CVE-2021-35248


JSON object : View

Products Affected

solarwinds

  • orion_platform

microsoft

  • windows
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource