ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability (CVE-2021-35219)

Security Advisory Summary

This vulnerability allows attackers to impersonate users and perform arbitrary actions on their behalf.

Affected Products

  • Orion Platform 2020.2.5 and earlier

Fixed Software Release

Acknowledgments

  • Alex Birnberg of Zymo Security and FireEye
Advisory Details
Severity
Medium
Advisory ID

CVE-2021-35219

First Published
07/15/2021
Last Updated
08/24/2021
Fixed Version

Orion Platform 2020.2.6 HF1

Workarounds

Workaround 1

CVSS Score

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:
C/C:H/I:N/A:N

Download PDF
Send an Email