SolarWinds Orion Platform 2020.2.0 < 2020.2.6 HF1 Multiple Vulnerabilities XSS

critical Nessus Plugin ID 155443


The version of SolarWinds Orion Platform installed on the remote host is prior to 2020.2.6 HF1. It is, therefore, affected by multiple vulnerabilities as referenced in the orion_platform_2020_2_6_hf1 advisory.

- A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. (CVE-2021-35239)

- A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'. (CVE-2021-35240)

- Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. (CVE-2021-35221)

- User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. (CVE-2021-35238)

- ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. (CVE-2021-35219)

- This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. (CVE-2021-35222)

- Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. (CVE-2021-35220)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

See Also

Plugin Details

Severity: Critical

ID: 155443

File Name: solarwinds_orion_platform_2020_2_6_hf1.nasl

Version: 1.4

Type: combined

Agent: windows

Family: CGI abuses

Published: 11/17/2021

Updated: 5/6/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information


Risk Factor: Medium

Score: 6.5


Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2021-35220


Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2021-35222

Vulnerability Information

CPE: cpe:/a:solarwinds:orion_platform

Required KB Items: installed_sw/SolarWinds Orion Core

Exploit Ease: No known exploits are available

Patch Publication Date: 7/20/2021

Vulnerability Publication Date: 7/20/2021

Reference Information

CVE: CVE-2021-35219, CVE-2021-35220, CVE-2021-35221, CVE-2021-35222, CVE-2021-35238, CVE-2021-35239, CVE-2021-35240

IAVA: 2021-A-0477-S