Insecure Web Header Vulnerability - RabbitMQLogin

(CVE-2021-35227)

Summary

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.

Affected Products

Access Rights Manager 2020.2.6 and earlier

Fixed Software Release

Access Rights Manager 2021.4

Advisory Details

Severity

4.7 Medium

Advisory ID

CVE-2021-35227

First Published

10/19/2021

Fixed Version

ARM 2021.4

CVSS Score

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N