CVE-2021-35219: 
SolarWinds Platform vulnerability analysis and mitigation

ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability (CVE-2021-35219) affects SolarWinds Orion Platform versions prior to 2020.2.6 HF1. The vulnerability allows attackers to perform arbitrary file read and information disclosure using ImportAlert function within the Alerts Settings page (SolarWinds Advisory).

The vulnerability has a CVSS v3.1 base score of 6.0 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N. This indicates the attack requires local access with high privileges but no user interaction, with potential for high confidentiality impact in some cases (NVD).

The vulnerability could allow attackers to impersonate users and perform arbitrary actions on their behalf by exploiting the file read and information disclosure capabilities (SolarWinds Advisory).

The vulnerability has been fixed in Orion Platform version 2020.2.6 HF1. Users are advised to upgrade to this version or later to mitigate the risk. SolarWinds has also provided secure configuration guidance including implementing strict access control and auditing at operating system and network layers (SolarWinds Documentation).