How severe is CVE-2021-28674?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2021-28674?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2021-28674

MEDIUM Year: 2021

CVSS v3 Score

5.4

Medium

CVSS v2 Score

5.5

Medium

Weakness Type

CWE-330

View all →

Vulnerability Description

The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform.

CVE-2021-37186

MEDIUM

CVSS:5.4(Medium)

A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIM...

CWE-3302021

CVE-2024-42165

MEDIUM

CVSS:5.4(Medium)

Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.

CWE-3302024

CVE-2019-6632

MEDIUM

CVSS:5.5(Medium)

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration...

CWE-3302019

CVE-2020-10729

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since n...

CWE-3302020

CVE-2020-10870

MEDIUM

CVSS:5.5(Medium)

Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, res...

CWE-3302020

CVE-2020-8631

MEDIUM

CVSS:5.5(Medium)

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice functi...

CWE-3302020

CVE-2021-28674

Vulnerability Description

Related Vulnerabilities

CVE-2021-37186

CVE-2024-42165

CVE-2019-6632

CVE-2020-10729

CVE-2020-10870

CVE-2020-8631