Broken Access Control On Node Management Vulnerability (CVE-2021-28674)

Summary

An access control vulnerability that allows an authenticated Orion user with node management rights from Group A to delete nodes from Group B.

Affected Products 

  • Orion Platform 2019.4 and earlier

Fixed Software Release

Acknowledgments

  • Cyber Factory, ENEDIS Enedis

Advisory Details

  • Severity: Medium
  • Advisory ID
  • First Published: 05/13/2021
  • Version

Orion Platform 2020.2.6, 2020.2.5 HF1

  • CVSS Score