Rewterz Threat Advisory – Apache Thrift denial of service
February 15, 2021Rewterz Threat Alert – LokiBot IOCs
February 15, 2021Rewterz Threat Advisory – Apache Thrift denial of service
February 15, 2021Rewterz Threat Alert – LokiBot IOCs
February 15, 2021Severity
High
Analysis Summary
Solarwinds Orion Platform could allow a remote attacker to gain elevated privileges on the system, caused by improper restriction of the SaveUserSetting endpoint. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
Impact
Privilege escalation
Affected Vendors
SolarWinds
Affected Products
- SolarWinds Orion Platform 2018.4
- SolarWinds Orion Platform 2019.4
- SolarWinds Orion Platform 2020.2.1
- SolarWinds Orion Platform 2019.2
- SolarWinds Orion Platform 2018.2
Remediation
Refer to Solarwinds Orion Platform Web site for patch, upgrade or suggested workaround information.