CVE-2021-35225 is a vulnerability in SolarWinds Network Performance Monitor
Published on October 21, 2021
Netpath Horizontal Privilege Escalation Vulnerability: NPM 2020.2.5
Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination.
Vulnerability Analysis
CVE-2021-35225 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Products Associated with CVE-2021-35225
Want to know whenever a new CVE is published for SolarWinds Network Performance Monitor? stack.watch will email you.
Affected Versions
SolarWinds NPM:- Version 2020.2.6 Hotfix 1 and previous versions and below 2020.2.6 Hotfix 2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.