Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
solarwinds orion platform vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-35212
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user....
Solarwinds Orion Platform 2019.2
Solarwinds Orion Platform 2019.4
Solarwinds Orion Platform 2020.2.1
Solarwinds Orion Platform 2020.2.4
Solarwinds Orion Platform 2020.2.5
9.8
CVSSv3
CVE-2020-10148
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds...
Solarwinds Orion Platform 2019.4
Solarwinds Orion Platform 2020.2
Solarwinds Orion Platform 2020.2.1
18 Github repositories available
1 Article available
5.4
CVSSv3
CVE-2021-35239
A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink....
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
8.8
CVSSv3
CVE-2021-35234
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information....
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
4.8
CVSSv3
CVE-2021-35238
User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website....
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
9.8
CVSSv3
CVE-2019-9546
SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service....
Solarwinds Orion Platform 2018.4
Solarwinds Orion Platform
5.4
CVSSv3
CVE-2021-28674
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and...
Solarwinds Orion Platform
1 Github repository available
4.9
CVSSv3
CVE-2021-35219
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page....
Solarwinds Orion Platform
7.2
CVSSv3
CVE-2021-35220
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page....
Solarwinds Orion Platform
9.8
CVSSv3
CVE-2021-25274
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process....
Solarwinds Orion Platform
4 Articles available
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-32034
CVE-2022-2285
IMAP
CVE-2021-26855
CVE-2022-32030
CVE-2022-26763
inject
CVE-2022-32039
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »
Vulmon