cvedb.io
CVE-2021-31475
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2021-05-21T15:15:07.877 · Last modified 2026-06-17T03:51:51.983

Summary

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF service configuration, which allows a critical resource to be accessed by unprivileged users. An attacker can leverage this vulnerability to execute code in the context of an administrator. Was ZDI-CAN-12007.

Affected products

solarwinds — orion_job_scheduler

Does this affect you?

Add your gear to cvedb and we'll alert you only when solarwinds ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.