The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSolarwinds Orion Platform
APPSolarwinds2019.42020.22020.2.1
CISA KEV — szczegółyi
- Dostawcai
- SolarWinds
- Produkti
- Orion
- Data dodania do KEVi
- 3 listopada 2021
- Termin remediation (USA)i
- 3 maja 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
SolarWinds Orion API zawiera lukę w uwierzytelnianiu, która może umożliwić zdalnemu atakującemu wykonanie poleceń API.
▸ Pokaż oryginał (EN)
SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.
Powiązane podatności
This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWi...
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doe...
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple f...
SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a re...