PT-2021-19356 · Solarwinds · Solarwinds Orion Job Scheduler

Harrison Neal · Published 2021-05-21 · Updated 2021-06-03 · CVE-2021-31475

CVSS v2.0

9.0 High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SolarWinds Orion Job Scheduler version 2020.2.1 HF 2

Description

This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this issue. The flaw exists within the JobRouterService WCF service: its configuration allows a critical resource to be accessed by unprivileged users. An attacker can leverage this to execute code in the context of an administrator.

Recommendations

For SolarWinds Orion Job Scheduler version 2020.2.1 HF 2, consider disabling the JobRouterService WCF service to prevent exploitation until a patch is available. Restrict access to the critical resource accessed by the WCF service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2021-31475
ZDI-21-605

Affected Products

Solarwinds Orion Job Scheduler