EmailWebPage Command Injection Remote Code Execution Vulnerability (CVE-2021-35220)

Security Advisory Summary

A command injection vulnerability in EmailWebPage allows remote attackers to execute arbitrary commands on affected installations of SolarWinds Orion Platform. Exploitation requires authentication with the "Alerting Mgmt" permission.

Affected Products

  • Orion Platform 2020.2.5 and earlier

Fixed Software Release

Acknowledgments

  • Alex Birnberg of Zymo Security and FireEye

Advisory Details

Severity: High
Advisory ID
First Published: 07/15/2021
Last Updated: 08/24/2021
Version

Orion Platform 2020.2.6 HF1

Workarounds
CVSS Score