Is CVE-2021-35219 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 1%.

What products does CVE-2021-35219 affect?

Tracked products affected include SolarWinds Orion. Check the version you run to see whether it is affected.

How do I fix CVE-2021-35219?

Apply the vendor fix in your normal patch cycle. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2021-35219

Q: What is CVE-2021-35219?

CVE-2021-35219 is a medium-severity software vulnerability with a CVSS score of 6. ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.

MEDIUM severity · CVSS 6

6CVSS MEDIUM

Summary

ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.

Impact & exploitability

Attack vectorLocal

Attack complexityLow

Privileges requiredHigh

User interactionNone

Confidentiality impactHigh

Integrity impactNone

Availability impactNone

Exploit probability (EPSS)1%

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected products we track (1)

SolarWinds Orion

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-ExportToPdfCmd-Arbitrary-File-Read-Information-Disclosure-CVE-2021-35219?language=en_US ↗

Additional information

NVD record
https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-ExportToPdfCmd-Arbitrary-File-Read-Information-Disclosure-CVE-2021-35219?language=en_USPatch
https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_USPatch
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htmAdvisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35219Advisory