SolarWinds Orion Platform 2020.2.0 < 2020.2.6 HF1 Multiple Vulnerabilities XSS

critical Nessus Plugin ID 155443

Description

The version of SolarWinds Orion Platform installed on the remote host is prior to 2020.2.6 HF1. It is, therefore, affected by multiple vulnerabilities as referenced in the orion_platform_2020_2_6_hf1 advisory.

- A security researcher found that a user with Orion map manage rights could store XSS via a text box hyperlink. (CVE-2021-35239)

- A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because it does not support 'rel=noopener'. (CVE-2021-35240)

- An Improper Access Control Tampering vulnerability using the ImportAlert function, which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. (CVE-2021-35221)

- A user with Orion Platform Admin Rights could store XSS through a URL POST parameter in the CreateExternalWebsite website. (CVE-2021-35238)

- An ExportToPdfCmd Arbitrary File Read Information Disclosure vulnerability using the ImportAlert function within the Alerts Settings page. (CVE-2021-35219)

- This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. (CVE-2021-35222)

- A Command Injection vulnerability in the EmailWebPage API, which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. (CVE-2021-35220)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

See Also

http://www.nessus.org/u?087598e5

http://www.nessus.org/u?175110db

http://www.nessus.org/u?d1b56a48

http://www.nessus.org/u?d718ba97

http://www.nessus.org/u?501061de

http://www.nessus.org/u?9362f652

http://www.nessus.org/u?2e159524

Plugin Details

Severity: Critical

ID: 155443

File Name: solarwinds_orion_platform_2020_2_6_hf1.nasl

Version: 1.4

Type: combined

Agent: windows

Family: CGI abuses

Published: 11/17/2021

Updated: 5/6/2022

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Source: CVE-2021-35220

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:solarwinds:orion_platform

Required KB Items: installed_sw/SolarWinds Orion Core

Exploit Ease: No known exploits are available

Patch Publication Date: 7/20/2021

Vulnerability Publication Date: 7/20/2021

Reference Information

CVE: CVE-2021-35219, CVE-2021-35220, CVE-2021-35221, CVE-2021-35222, CVE-2021-35238, CVE-2021-35239, CVE-2021-35240

IAVA: 2021-A-0477-S