Broken Access Control On Node Management Vulnerability 

(CVE-2021-28674)

Summary

An access control vulnerability that allows an authenticated Orion user with node management rights from Group A to delete nodes from Group B.

Affected Products 

  • Orion Platform 2019.4 and earlier

Fixed Software Release

Acknowledgments

  • Cyber Factory, ENEDIS Enedis

Advisory Details

Severity

4.6 Medium

Advisory ID

First Published

05/13/2021

Version

Orion Platform 2020.2.6, 2020.2.5 HF1