Trust Center Index Page SolarWinds Trust Center Security Advisories | CVE-2021-35225
NPM Netpath Horizontal Privilege Escalation Vulnerability (CVE-2021-35225)

Summary

Each authenticated Orion user in the MSP (Managed Service Provider) environment can view and browse all NetPath Services from all MSP's customers. This can lead to any user having a limited insight into other customers' infrastructure and potential data cross-contamination.

Affected Products

  • Network Performance Monitor 2020.2.6 HF1 and earlier

Fixed Software Release

Acknowledgments

  • Preston Deason
  • Chad Larsen
  • Zachary Riezenman

 

Advisory Details

Severity

5.0 Medium

Advisory ID

CVE-2021-35225

First Published

10/19/2021

Fixed Version

NPM 2020.2.6 HF2

Workarounds

Workaround 1

{{STATIC CONTENT}}
{{CAPTION_TITLE}}

{{CAPTION_CONTENT}}

{{TITLE}}