CVE-2021-35249
Domain Admin Broken Access Control
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.
Esta vulnerabilidad de control de acceso roto es referida específicamente a un administrador de dominio que puede acceder a los datos de configuración y de usuario de otros dominios a los que no debería tener acceso. Tenga en cuenta que el administrador no puede modificar los datos (operación de sólo lectura). Este problema de UAC conlleva a un filtrado de datos a usuarios no autorizados de un dominio, sin que sea registrado su acceso a los datos a menos que intenten modificarlos. Esta actividad de sólo lectura es registrada en el dominio original y no especifica a qué dominio ha sido accedido
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-22 CVE Reserved
- 2022-05-17 CVE Published
- 2023-12-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Solarwinds Search vendor "Solarwinds" | Serv-u Search vendor "Solarwinds" for product "Serv-u" | < 15.3.1 Search vendor "Solarwinds" for product "Serv-u" and version " < 15.3.1" | - |
Affected
|