SolarWinds Orion Platform
24 CVEs affecting SolarWinds Orion Platform. Latest disclosed: 2022-11-29. Critical: 1, High: 16.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-27258 | Critical | 9.8 | 2021-04-14 | This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not… |
| CVE-2021-35217 | High | 8.9 | 2021-09-08 | Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to… |
| CVE-2021-35215 | High | 8.9 | 2021-09-01 | Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulne… |
| CVE-2021-35212 | High | 8.9 | 2021-08-31 | An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could le… |
| CVE-2021-35213 | High | 8.9 | 2021-08-31 | An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to… |
| CVE-2022-36964 | High | 8.8 | 2022-11-29 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web… |
| CVE-2022-36960 | High | 8.8 | 2022-11-29 | SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to e… |
| CVE-2022-36958 | High | 8.8 | 2022-10-20 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web… |
| CVE-2022-36961 | High | 8.8 | 2022-09-30 | A vulnerable component of Orion Platform was vulnerable to SQL Injection; an authenticated attacker could leverage this for privilege escalation or remote code… |
| CVE-2021-35220 | High | 8.1 | 2021-08-31 | Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. |
| CVE-2021-35222 | High | 8.0 | 2021-08-31 | This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. |
| CVE-2021-35239 | High | 7.5 | 2021-08-31 | A security researcher found a user with Orion map manage rights could store XSS via text box hyperlink. |
| CVE-2020-27870 | High | 7.5 | 2021-02-10 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is… |
| CVE-2022-36962 | High | 7.2 | 2022-11-29 | SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to ex… |
| CVE-2022-38108 | High | 7.2 | 2022-10-20 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account acces… |
| CVE-2022-36957 | High | 7.2 | 2022-10-20 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account acces… |
| CVE-2020-27871 | High | 7.2 | 2021-02-10 | This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication i… |
| CVE-2021-35244 | Medium | 6.8 | 2021-12-20 | The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker… |
| CVE-2021-35240 | Medium | 6.5 | 2021-08-31 | A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because it does not support 'rel=noopener'. |
| CVE-2021-35221 | Medium | 6.3 | 2021-08-31 | Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. |