EmailWebPage Command Injection Remote Code Execution Vulnerability (CVE-2021-35220)

Security Advisory Summary

The EmailWebPage command injection vulnerability allows remote attackers to execute arbitrary commands on affected installations of SolarWinds Orion Platform. Exploitation requires authentication with the "Alerting Mgmt" permission.

Affected Products

  • Orion Platform 2020.2.5 and earlier

Fixed Software Release

Acknowledgments

  • Alex Birnberg of Zymo Security and FireEye

Advisory Details

Severity

8.1 High

Advisory ID

First Published

07/15/2021

Last Updated

08/24/2021

Version

Orion Platform 2020.2.6 HF1

Workarounds