CVE-2021-35220 is a vulnerability in SolarWinds Orion Platform
Published on August 31, 2021

EmailWebPage Command Injection RCE
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Products Associated with CVE-2021-35220

Want to know whenever a new CVE is published for SolarWinds Orion Platform? stack.watch will email you.

SolarWinds Orion Platform

Affected Versions

SolarWinds Orion Platform:

Version 2020.2.6 and previous versions, <= 2020.2.6 HF1 is affected.

Exploit Probability

EPSS

1.63%

Percentile

81.67%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-35220 is a vulnerability in SolarWinds Orion PlatformPublished on August 31, 2021

Vulnerability Analysis

Products Associated with CVE-2021-35220

Affected Versions

Exploit Probability

CVE-2021-35220 is a vulnerability in SolarWinds Orion Platform
Published on August 31, 2021