CVE-2021-35228

Reflected cross site scripting affecting SolarWinds: DPA 2021.3.7388

CVSS 5.5 MEDIUMEPSS 0.6%

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

21 out 2021Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Produtos afetados

SolarWinds · SolarWinds

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2021-3-7438_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35228