Cross-Contamination Risk: Unauthorized Access to NetPath Services in MSP Environment

Cross-Contamination Risk: Unauthorized Access to NetPath Services in MSP Environment

CVE-2021-35225 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination.

Learn more about our Infrastructure Penetration Testing.