Trust Center Index Page SolarWinds Trust Center Security Advisories | CVE-2021-35221
ImportAlert Improper Access Control Tampering Vulnerability (CVE-2021-35221)

Summary

ImportAlert Improper Access Control Tampering Vulnerability. This vulnerability allows attackers to add arbitrary SMTP servers to the server configuration. Authentication is required but can be a guest.

Affected Products

  • Orion Platform 2020.2.5 and earlier

Fixed Software Release

Acknowledgments

  • Alex Birnberg of Zymo Security and FireEye

Advisory Details

Severity

6.3 Medium

Advisory ID

CVE-2021-35221

First Published

07/15/2021

Last Updated

08/24/2021

Fixed Version

Orion Platform 2020.2.6 HF 1

Workarounds

Workaround 1

{{STATIC CONTENT}}
{{CAPTION_TITLE}}

{{CAPTION_CONTENT}}

{{TITLE}}