Threat Encyclopedia

Insecure File Permissions Vulnerability for SolarWinds Managed Service Provider Patch Management Engine

description-logoDescription

An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\\SolarWinds MSP\\SolarWinds.MSP.CacheService\\config\\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.

affected-products-logoAffected Products

SolarWinds Managed Service Provider Patch Management Engine

CVE References

CVE-2020-12608