2 results (0.007 seconds)

CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0

Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination. Cada usuario autenticado de Orion Platform en un entorno MSP (Managed Service Provider) puede visualizar y navegar todos los servicios NetPath de todos los clientes de ese MSP. Esto puede conllevar a que cualquier usuario tenga una visión limitada de la infraestructura de otros clientes y una posible contaminación cruzada de datos • https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/NPM-2020-2-6-Hotfix-2?language=en_US https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35225 •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. • https://www.zerodayinitiative.com/advisories/ZDI-21-064 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •