Solarwinds Orion_platform

49 CVEs affecting Solarwinds Orion_platform. Latest disclosed: 2023-09-13. Critical: 5, High: 26.

Top CVEs affecting Solarwinds Orion_platform
CVESeverityScorePublishedSummary
CVE-2021-27258Critical9.82021-04-14This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not…
CVE-2021-25274Critical9.82021-02-03The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a…
CVE-2020-10148Critical9.82020-12-29The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a…
CVE-2019-9546Critical9.82019-03-01SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
CVE-2020-13169Critical9.02020-09-17Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to th…
CVE-2021-35218High8.92021-09-01Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the O…
CVE-2021-35215High8.92021-09-01Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulne…
CVE-2021-35212High8.92021-08-31An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could le…
CVE-2021-35213High8.92021-08-31An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to…
CVE-2022-36964High8.82022-11-29SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web…
CVE-2022-36960High8.82022-11-29SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to e…
CVE-2022-36958High8.82022-10-20SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web…
CVE-2022-36961High8.82022-09-30A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code…
CVE-2021-35220High8.12021-08-31Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
CVE-2021-35234High8.02021-12-20Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privi…
CVE-2021-35222High8.02021-08-31This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
CVE-2022-47505High7.82023-04-21The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user a…
CVE-2022-47506High7.82023-02-15SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to…
CVE-2021-27277High7.82021-04-22This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attack…
CVE-2021-25275High7.82021-02-03SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to a…