CVE-2021-28674 in Orion Platforminformazioni

Riassunto

di MITRE • 30/07/2021

The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Prenotare

18/03/2021

Divulgazione

30/07/2021

Moderazione

accettato

CPE

pronto

EPSS

0.00908

KEV

no

Attività

molto basso

Fonti

Do you need the next level of professionalism?

Upgrade your account now!