Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds orion platform vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-36964
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Solarwinds Orion Platform 2020.2.6
Solarwinds Orion Platform
Solarwinds Orion Platform 2022.2
Solarwinds Orion Platform 2022.3
8.8
CVSSv3
CVE-2022-36958
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Solarwinds Orion Platform 2020.2.6
Solarwinds Orion Platform
Solarwinds Orion Platform 2022.2
Solarwinds Orion Platform 2022.3
8.8
CVSSv3
CVE-2022-36961
A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.
Solarwinds Orion Platform
8.8
CVSSv3
CVE-2021-35234
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
8.8
CVSSv3
CVE-2021-35217
Insecure Deseralization of untrusted data remote code execution vulnerability exists in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
Solarwinds Patch Manager
8.8
CVSSv3
CVE-2021-35218
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server
Solarwinds Orion Platform
8.8
CVSSv3
CVE-2021-35215
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
Solarwinds Orion Platform
1 Github repository
8.8
CVSSv3
CVE-2021-35216
Insecure Deserialization of untrusted data remote code execution vulnerability exists in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
Solarwinds Patch Manager
8.8
CVSSv3
CVE-2021-35212
An SQL injection Privilege Escalation Vulnerability exists in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.
Solarwinds Orion Platform 2019.2
Solarwinds Orion Platform 2019.4
Solarwinds Orion Platform 2020.2.1
Solarwinds Orion Platform 2020.2.4
Solarwinds Orion Platform 2020.2.5
8.8
CVSSv3
CVE-2021-35213
An Improper Access Control Privilege Escalation Vulnerability exists in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.
Solarwinds Orion Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »