It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
References
Link | Resource |
---|---|
https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm | Vendor Advisory |
https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3 | Release Notes Vendor Advisory |
https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35248 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: SolarWinds
Published: 2021-12-20T00:00:00
Updated: 2023-08-03T20:32:27.141Z
Reserved: 2021-06-22T00:00:00
Link: CVE-2021-35248
JSON object: View
NVD Information
Status : Modified
Published: 2021-12-20T21:15:08.157
Modified: 2023-08-03T21:15:11.923
Link: CVE-2021-35248
JSON object: View
Redhat Information
No data.
CWE