Latest solarwinds orion platform Vulnerabilities

CVE-2023-23845
SolarWinds Platform Exposed Dangerous Method Vulnerability
<2023.3.1
SolarWinds Orion Platform<2023.3.1
CVE-2023-23840
SolarWinds Platform Exposed Dangerous Method Vulnerability
<2023.3.1
SolarWinds Orion Platform<2023.3.1
CVE-2022-47509
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL paramet...
SolarWinds Orion Platform<2023.2
CVE-2022-36963
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary command...
SolarWinds Orion Platform<2023.2
CVE-2022-47505
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
SolarWinds Orion Platform<2023.2
CVE-2023-23836
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the Sol...
SolarWinds Orion Platform=2022.4.1
CVE-2022-47507
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute ar...
SolarWinds Orion Platform=2022.4.1
CVE-2022-47506
SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling ...
SolarWinds Orion Platform=2022.4.1
CVE-2022-38111
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute ar...
SolarWinds Orion Platform=2022.4.1
CVE-2022-47504
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute ar...
SolarWinds Orion Platform=2022.4.1
CVE-2022-47503
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute ar...
SolarWinds Orion Platform=2022.4.1
CVE-2022-36960
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
SolarWinds Orion Platform<2020.2.6
SolarWinds Orion Platform=2020.2.6
SolarWinds Orion Platform=2020.2.6-hotfix1
SolarWinds Orion Platform=2020.2.6-hotfix2
SolarWinds Orion Platform=2020.2.6-hotfix3
SolarWinds Orion Platform=2020.2.6-hotfix4
and 3 more
CVE-2022-36964
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Orion Platform<2020.2.6
SolarWinds Orion Platform=2020.2.6
SolarWinds Orion Platform=2020.2.6-hotfix1
SolarWinds Orion Platform=2020.2.6-hotfix2
SolarWinds Orion Platform=2020.2.6-hotfix3
SolarWinds Orion Platform=2020.2.6-hotfix4
and 3 more
CVE-2022-38108
SolarWinds Network Performance Monitor BytesToMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability
SolarWinds Network Performance Monitor
SolarWinds Orion Platform<2020.2.6
SolarWinds Orion Platform=2020.2.6
SolarWinds Orion Platform=2020.2.6-hotfix1
SolarWinds Orion Platform=2020.2.6-hotfix2
SolarWinds Orion Platform=2020.2.6-hotfix3
and 4 more
CVE-2022-36966
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform...
SolarWinds Orion Platform<2020.2.6
SolarWinds Orion Platform=2020.2.6
SolarWinds Orion Platform=2020.2.6-hotfix1
SolarWinds Orion Platform=2020.2.6-hotfix2
SolarWinds Orion Platform=2020.2.6-hotfix3
SolarWinds Orion Platform=2020.2.6-hotfix4
and 3 more
CVE-2022-36958
SolarWinds Network Performance Monitor DeserializeFromStrippedXml Deserialization of Untrusted Data Remote Code Execution Vulnerability
SolarWinds Network Performance Monitor
SolarWinds Orion Platform<2020.2.6
SolarWinds Orion Platform=2020.2.6
SolarWinds Orion Platform=2020.2.6-hotfix1
SolarWinds Orion Platform=2020.2.6-hotfix2
SolarWinds Orion Platform=2020.2.6-hotfix3
and 4 more
CVE-2022-36957
SolarWinds Network Performance Monitor PropertyBagJsonConverter Deserialization of Untrusted Data Remote Code Execution Vulnerability
SolarWinds Network Performance Monitor
SolarWinds Orion Platform<2020.2.6
SolarWinds Orion Platform=2020.2.6
SolarWinds Orion Platform=2020.2.6-hotfix1
SolarWinds Orion Platform=2020.2.6-hotfix2
SolarWinds Orion Platform=2020.2.6-hotfix3
and 4 more
CVE-2022-36961
A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.
SolarWinds Orion Platform<=2022.2.0
CVE-2021-35234
SolarWinds Network Performance Monitor SendSyslog Exposed Dangerous Function Privilege Escalation Vulnerability
SolarWinds Network Performance Monitor
SolarWinds Orion Platform<=2020.2.5
SolarWinds Orion Platform=2020.2.6
SolarWinds Orion Platform=2020.2.6-hotfix1
SolarWinds Orion Platform=2020.2.6-hotfix2
CVE-2021-35244
SolarWinds Orion Platform Unrestricted File Upload Remote Code Execution Vulnerability
SolarWinds Orion Platform<2020.2.6
SolarWinds Orion Platform=2020.2.6
SolarWinds Orion Platform=2020.2.6-hotfix1
SolarWinds Orion Platform=2020.2.6-hotfix2
Microsoft Windows
SolarWinds Orion Platform
CVE-2021-35248
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
SolarWinds Orion Platform<2020.2.6
SolarWinds Orion Platform=2020.2.6
SolarWinds Orion Platform=2020.2.6-hotfix1
SolarWinds Orion Platform=2020.2.6-hotfix2
Microsoft Windows
CVE-2021-35215
SolarWinds Orion Platform ActionPluginBaseView Deserialization of Untrusted Data Remote Code Execution Vulnerability
SolarWinds Orion Platform
SolarWinds Orion Platform<=2020.2.5
CVE-2021-35238
SolarWinds Orion Platform<=2020.2.5
SolarWinds Orion Platform=2020.2.6
CVE-2021-35212
SolarWinds Orion Network Performance Monitor DisableNOCView SQL Injection Privilege Escalation Vulnerability
SolarWinds Orion Platform=2019.2
SolarWinds Orion Platform=2019.4
SolarWinds Orion Platform=2020.2.1
SolarWinds Orion Platform=2020.2.4
SolarWinds Orion Platform=2020.2.5
SolarWinds Orion Network Performance Monitor
CVE-2021-35240
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.
SolarWinds Orion Platform<=2020.2.5
Microsoft Internet Explorer
CVE-2021-35239
A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.
SolarWinds Orion Platform<=2020.2.5
SolarWinds Orion Platform=2020.2.6
CVE-2021-35213
SolarWinds Orion Platform NCM SCM IPAM SaveUserSetting Improper Access Control Privilege Escalation Vulnerability
SolarWinds Orion Platform
SolarWinds Orion Platform<=2020.2.5
Microsoft Windows
CVE-2021-35221
SolarWinds Orion Platform<2020.2.6
Microsoft Windows
CVE-2021-35222
This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
SolarWinds Orion Platform<2020.2.6
Microsoft Windows
CVE-2021-35219
SolarWinds Orion Platform<2020.2.6
CVE-2021-35220
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
SolarWinds Orion Platform<2020.2.6
CVE-2021-28674
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. Thi...
SolarWinds Orion Platform<=2020.2.5
CVE-2021-27277
SolarWinds Orion Virtual Infrastructure Monitor OneTimeJobSchedulerEventsService Deserialization of Untrusted Data Privilege Escalation Vulnerability
SolarWinds Orion Platform=2020.2
CVE-2021-27258
SolarWinds Orion Platform NCM SCM IPAM SaveUserSetting Improper Access Control Privilege Escalation Vulnerability
SolarWinds Orion Platform
SolarWinds Orion Platform=2020.2
CVE-2021-25274
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients ca...
SolarWinds Orion Platform<2020.2.4
CVE-2021-25275
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by ...
SolarWinds Orion Platform<2020.2.4
CVE-2020-10148
SolarWinds Orion Authentication Bypass Vulnerability
SolarWinds Orion Platform=2019.4-hotfix5
SolarWinds Orion Platform=2020.2
SolarWinds Orion Platform=2020.2.1-hotfix1
CVE-2020-13169
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation o...
SolarWinds Orion Platform<2020.2.1
CVE-2019-12864
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathnam...
Solarwinds Netpath=1.1.4
SolarWinds Network Performance Monitor=12.4
SolarWinds Orion Platform=2018.4-hotfix3
CVE-2019-12863
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.
Solarwinds Netpath=1.1.4
SolarWinds Network Performance Monitor=12.4
SolarWinds Orion Platform=2018.4-hotfix3
CVE-2019-17125
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Ang...
SolarWinds Orion Platform=2019.2-hotfix1
CVE-2019-17127
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escap...
SolarWinds Orion Platform=2019.2-hotfix1
CVE-2019-9546
SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
SolarWinds Orion Platform<2018.4
SolarWinds Orion Platform=2018.4
SolarWinds Orion Platform=2018.4-hotfix1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203