Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Orion_platform
(Solarwinds)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 49 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-01 | CVE-2021-35215 | Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability. | Orion_platform | 8.8 | ||
| 2021-09-01 | CVE-2021-35218 | Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server | Orion_platform | 8.8 | ||
| 2021-08-31 | CVE-2021-35222 | This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. | Orion_platform | 9.6 | ||
| 2021-08-31 | CVE-2021-35240 | A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'. | Orion_platform | 4.8 | ||
| 2021-09-01 | CVE-2021-35238 | User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. | Orion_platform | 4.8 | ||
| 2021-08-31 | CVE-2021-35220 | Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | Orion_platform | 7.2 | ||
| 2021-08-31 | CVE-2021-35239 | A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. | Orion_platform | 5.4 | ||
| 2020-05-04 | CVE-2019-12864 | SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | Netpath, Network_performance_monitor, Orion_platform | 5.5 | ||
| 2021-04-22 | CVE-2021-27277 | This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the OneTimeJobSchedulerEventsService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data.... | Orion_platform | 7.8 | ||
| 2021-03-26 | CVE-2021-3109 | The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. | Orion_platform | 4.8 |