Reverse Tabnabbing and Open Redirect Vulnerability

(CVE-2021-3109)

Security Advisory Summary

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.

Affected Products

Orion Platform versions 2020.2.4 and earlier

Fixed Software Release

Orion Platform 2020.2.5

Acknowledgments

Jhon Jaro

Advisory Details

Severity

4.3 Medium

Advisory ID

First Published

03/25/2021

Version

Orion Platform 2020.2.5

CVSS Score

CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/
C:N/I:L/A:L