Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
orion platform vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-35239
A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
4.3
CVSSv3
CVE-2021-35248
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
9.8
CVSSv3
CVE-2019-9546
SolarWinds Orion Platform prior to 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
Solarwinds Orion Platform 2018.4
Solarwinds Orion Platform
8.8
CVSSv3
CVE-2021-35234
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
7.2
CVSSv3
CVE-2021-35244
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing ...
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
4.8
CVSSv3
CVE-2021-3109
The custom menu item options page in SolarWinds Orion Platform prior to 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
Solarwinds Orion Platform
9
CVSSv3
CVE-2020-13169
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before prior to 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).
Solarwinds Orion Platform
9.8
CVSSv3
CVE-2021-25274
The Collector Service in SolarWinds Orion Platform prior to 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process....
Solarwinds Orion Platform
1 Article
7.8
CVSSv3
CVE-2021-25275
SolarWinds Orion Platform prior to 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can ...
Solarwinds Orion Platform
1 Github repository
7.8
CVSSv3
CVE-2022-47505
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
Solarwinds Orion Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »