CVE-2021-3109
4.8 MEDIUMThe custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrat...
Published: 2021-03-26 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 4.8 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected products
| Vendor | Product |
|---|---|
| solarwinds | orion_platform |
Description
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3109
- [Vendor advisory]https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-5_release_notes.htm
- [Vendor advisory]https://support.solarwinds.com/SuccessCenter/s/
- [Vendor advisory]https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-5_release_notes.htm
- [Vendor advisory]https://support.solarwinds.com/SuccessCenter/s/
Related CVEs
Same vendor
- CVE-2026-28318 — SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-En... (7.5 HIGH)
- CVE-2026-28299 — SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Des... (8.2 HIGH)
- CVE-2021-3154 — An issue was discovered in SolarWinds Serv-U before 15.2.2 (7.5 HIGH)