Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2021-35249
Analyzed
More InfoOfficial Page
Source-psirt@solarwinds.com
View Known Exploited Vulnerability (KEV) details
Published At-17 May, 2022 | 20:15
Updated At-27 Oct, 2022 | 11:57

This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
SolarWinds Worldwide, LLC.
solarwinds
>>serv-u>>Versions before 15.3.1(exclusive)
cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-284Secondarypsirt@solarwinds.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-1_release_notes.htmpsirt@solarwinds.com
Release Notes
Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35249psirt@solarwinds.com
Vendor Advisory
Change History
0Changes found
Details not found