CVE-2021-35244 – Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6
https://notcve.org/view.php?id=CVE-2021-35244
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution. La acción "Log alert to a file" dentro de la administración de acciones permite a cualquier usuario de Orion Platform con derechos de administración de alertas de Orion escribir en cualquier archivo. Un atacante con derechos de administración de alertas de Orion podría usar esta vulnerabilidad para llevar a cabo una carga de archivos sin restricciones causando una ejecución de código remota This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of alert creation. • https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242 https://www.zerodayinitiative.com/advisories/ZDI-22-375 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-35248 – Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users
https://notcve.org/view.php?id=CVE-2021-35248
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. Se ha informado de que cualquier usuario de Orion, por ejemplo, las cuentas de invitados pueden consultar la entidad Orion.UserSettings y enumerar los usuarios y su configuración básica • https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3 https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35248 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-35218 – Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35218
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server Una deserialización de Datos no Confiables en el Endpoint de la Consola Web puede conllevar a una ejecución de código remota. Un atacante no autorizado que tenga acceso a la red de la Consola Web de Orion Patch Manager podría potencialmente explotar esto y comprometer el servidor This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Patch Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Chart endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35218 https://www.zerodayinitiative.com/advisories/ZDI-21-1248 • CWE-502: Deserialization of Untrusted Data •
CVE-2021-35215 – ActionPluginBaseView Deserialization of Untrusted Data RCE
https://notcve.org/view.php?id=CVE-2021-35215
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability. Se ha detectado una deserialización insegura conllevando a una ejecución de código remota en Orion Platform versión 2020.2.5. Es requerida una autenticación para explotar esta vulnerabilidad This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the ActionPluginBaseView class. • https://github.com/Y4er/CVE-2021-35215 https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215 https://www.zerodayinitiative.com/advisories/ZDI-21-1245 • CWE-502: Deserialization of Untrusted Data •
CVE-2021-35238 – Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability
https://notcve.org/view.php?id=CVE-2021-35238
User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. Un usuario con derechos de Administrador de la Plataforma Orion podría almacenar una vulnerabilidad de tipo XSS mediante el parámetro URL POST en el sitio web CreateExternalWebsite • https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •