ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability

(CVE-2021-35219)

Security Advisory Summary

This vulnerability allows attackers to impersonate users and perform arbitrary actions on their behalf.

Affected Products

Orion Platform 2020.2.5 and earlier

Fixed Software Release

Orion Platform 2020.2.6 HF1

Acknowledgments

Alex Birnberg of Zymo Security and FireEye

Advisory Details

Severity

6.0 Medium

Advisory ID

First Published

07/15/2021

Last Updated

08/24/2021

Fixed Version

Orion Platform 2020.2.6 HF1

Workarounds

CVSS Score

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:
C/C:H/I:N/A:N