Solarwinds Orion_platform
49 CVEs affecting Solarwinds Orion_platform. Latest disclosed: 2023-09-13. Critical: 5, High: 26.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-27258 | Critical | 9.8 | 2021-04-14 | This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not… |
| CVE-2021-25274 | Critical | 9.8 | 2021-02-03 | The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a… |
| CVE-2020-10148 | Critical | 9.8 | 2020-12-29 | The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a… |
| CVE-2019-9546 | Critical | 9.8 | 2019-03-01 | SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. |
| CVE-2020-13169 | Critical | 9.0 | 2020-09-17 | Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1 on multiple forms and pages. This vulnerability may lead to th… |
| CVE-2021-35218 | High | 8.9 | 2021-09-01 | Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the O… |
| CVE-2021-35215 | High | 8.9 | 2021-09-01 | Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulne… |
| CVE-2021-35212 | High | 8.9 | 2021-08-31 | An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could le… |
| CVE-2021-35213 | High | 8.9 | 2021-08-31 | An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to… |
| CVE-2022-36964 | High | 8.8 | 2022-11-29 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web… |
| CVE-2022-36960 | High | 8.8 | 2022-11-29 | SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to e… |
| CVE-2022-36958 | High | 8.8 | 2022-10-20 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web… |
| CVE-2022-36961 | High | 8.8 | 2022-09-30 | A vulnerable component of Orion Platform was vulnerable to SQL Injection; an authenticated attacker could leverage this for privilege escalation or remote code… |
| CVE-2021-35220 | High | 8.1 | 2021-08-31 | Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. |
| CVE-2021-35234 | High | 8.0 | 2021-12-20 | Numerous exposed dangerous functions within Orion Core allow for read-only SQL injection leading to privilege escalation. An attacker with low-user privi… |
| CVE-2021-35222 | High | 8.0 | 2021-08-31 | This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. |
| CVE-2022-47505 | High | 7.8 | 2023-04-21 | The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user a… |
| CVE-2022-47506 | High | 7.8 | 2023-02-15 | SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to… |
| CVE-2021-27277 | High | 7.8 | 2021-04-22 | This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attack… |
| CVE-2021-25275 | High | 7.8 | 2021-02-03 | SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to a… |