Skip to main content

Orion Platform CVE-2019-9546

CRITICAL
Uncontrolled Search Path Element (CWE-427)
2019-03-01 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 01, 2019 - 22:29 nvd
CRITICAL 9.8

DescriptionNVD

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

AnalysisAI

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-427. SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. Affected products include: Solarwinds Orion Platform. Version information: before 2018.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-38108 HIGH POC
7.2 Oct 20

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulne

CVE-2021-25274 CRITICAL POC
9.8 Feb 03

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set p

CVE-2021-25275 HIGH POC
7.8 Feb 03

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backen

CVE-2021-27258 CRITICAL
9.8 Apr 14

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion

CVE-2021-35222 CRITICAL
9.6 Aug 31

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Executio

CVE-2020-13169 CRITICAL
9.0 Sep 17

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and p

CVE-2022-36964 HIGH
8.8 Nov 29

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulne

CVE-2022-36960 HIGH
8.8 Nov 29

SolarWinds Platform was susceptible to Improper Input Validation. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2022-36958 HIGH
8.8 Oct 20

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulne

CVE-2022-36961 HIGH
8.8 Sep 30

A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this

CVE-2021-35234 HIGH
8.8 Dec 20

Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged esca

CVE-2021-35218 HIGH
8.8 Sep 01

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. Rated high severi

Share

CVE-2019-9546 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy