CVE-2021-27258 is a vulnerability in SolarWinds Orion Platform
Published on April 14, 2021
This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate privileges their privileges from Guest to Administrator. Was ZDI-CAN-11903.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2021-27258 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2021-27258
Want to know whenever a new CVE is published for SolarWinds Orion Platform? stack.watch will email you.
Affected Versions
SolarWinds Orion Platform Version 2020.2 is affected by CVE-2021-27258Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.