ZDI-21-066: SolarWinds Orion Platform ExportToPDF Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SolarWinds Orion |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-21-066?
ZDI-21-066 is rated as a high severity vulnerability due to its potential to disclose sensitive information.
How do I fix ZDI-21-066?
To fix ZDI-21-066, ensure that the latest patches or updates for the SolarWinds Orion Platform are applied.
Who is affected by ZDI-21-066?
Organizations using affected versions of the SolarWinds Orion Platform are vulnerable to ZDI-21-066.
Can ZDI-21-066 be exploited remotely?
Yes, ZDI-21-066 can be exploited remotely, but authentication is required to carry out the attack.
What specific component is vulnerable in ZDI-21-066?
The vulnerability specifically affects the ExportToPDF.aspx component within the SolarWinds Orion Platform.
- agent/type
- agent/references
- agent/title
- agent/severity
- agent/description
- agent/source
- agent/event
- agent/softwarecombine
- agent/tags
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-066
- alias/ZDI-CAN-11917
- alias/CVE-2020-27870
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/solarwinds
- canonical/solarwinds orion platform