Skip to main content

Orion Platform

33 CVEs product

Monthly

CVE-2023-23845 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
CVSS 3.1
7.2
EPSS
5.4%
CVE-2023-23840 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
CVSS 3.1
7.2
EPSS
5.4%
CVE-2023-23836 HIGH This Week

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
CVSS 3.1
7.2
EPSS
80.3%
CVE-2022-36964 HIGH This Week

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
CVSS 3.1
8.8
EPSS
16.8%
CVE-2022-36962 HIGH This Week

SolarWinds Platform was susceptible to Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Orion Platform
NVD
CVSS 3.1
7.2
EPSS
9.0%
CVE-2022-36960 HIGH This Week

SolarWinds Platform was susceptible to Improper Input Validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Orion Platform
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-38108 HIGH POC THREAT Act Now

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
CVSS 3.1
7.2
EPSS
69.5%
CVE-2022-36966 MEDIUM This Month

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Orion Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36958 HIGH This Week

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
CVSS 3.1
8.8
EPSS
82.7%
CVE-2022-36957 HIGH This Week

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
CVSS 3.1
7.2
EPSS
12.3%
CVE-2022-36961 HIGH This Week

A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SQLi Privilege Escalation Orion Platform
NVD
CVSS 3.1
8.8
EPSS
75.2%
CVE-2021-35248 MEDIUM This Month

It has been reported that any Orion user, e.g. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-35244 HIGH This Week

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Orion Platform
NVD
CVSS 3.1
7.2
EPSS
5.8%
CVE-2021-35234 HIGH This Week

Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Orion Platform
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-35218 HIGH This Week

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Orion Platform
NVD
CVSS 3.1
8.8
EPSS
76.4%
CVE-2021-35215 HIGH PATCH This Week

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Orion Platform
NVD
CVSS 3.1
8.8
EPSS
69.7%
CVE-2021-35238 MEDIUM This Month

User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Orion Platform
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-35212 HIGH PATCH This Week

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Privilege Escalation Orion Platform
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-35240 MEDIUM PATCH This Month

A security researcher stored XSS via a Help Server setting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Orion Platform
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-35239 MEDIUM This Month

A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Orion Platform
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-35213 HIGH This Week

An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Orion Platform
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2021-35222 CRITICAL PATCH Act Now

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Orion Platform
NVD
CVSS 3.1
9.6
EPSS
2.6%
CVE-2021-35221 HIGH PATCH This Week

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Authentication Bypass Orion Platform
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2021-35220 HIGH PATCH This Week

Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Command Injection Orion Platform
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-35219 MEDIUM PATCH This Month

ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Orion Platform
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-28674 MEDIUM PATCH This Month

The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Orion Platform
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-27277 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Orion Platform
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-27258 CRITICAL Act Now

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orion Platform
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-3109 MEDIUM This Month

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-25275 HIGH POC This Week

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Orion Platform
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-25274 CRITICAL POC THREAT Act Now

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Microsoft RCE Orion Platform
NVD
CVSS 3.1
9.8
EPSS
36.4%
CVE-2020-13169 CRITICAL Act Now

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Orion Platform
NVD
CVSS 3.1
9.0
EPSS
2.2%
CVE-2019-9546 CRITICAL Act Now

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Orion Platform
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
EPSS 5% CVSS 7.2
HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
EPSS 5% CVSS 7.2
HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
EPSS 80% CVSS 7.2
HIGH This Week

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
EPSS 17% CVSS 8.8
HIGH This Week

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
EPSS 9% CVSS 7.2
HIGH This Week

SolarWinds Platform was susceptible to Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Orion Platform
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SolarWinds Platform was susceptible to Improper Input Validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Orion Platform
NVD
EPSS 70% CVSS 7.2
HIGH POC THREAT Act Now

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Orion Platform
NVD
EPSS 83% CVSS 8.8
HIGH This Week

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
EPSS 12% CVSS 7.2
HIGH This Week

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
EPSS 75% CVSS 8.8
HIGH This Week

A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SQLi Privilege Escalation +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

It has been reported that any Orion user, e.g. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
EPSS 6% CVSS 7.2
HIGH This Week

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Orion Platform
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Orion Platform
NVD
EPSS 76% CVSS 8.8
HIGH This Week

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Orion Platform
NVD
EPSS 70% CVSS 8.8
HIGH PATCH This Week

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Orion Platform
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Orion Platform
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Privilege Escalation Orion Platform
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

A security researcher stored XSS via a Help Server setting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Orion Platform
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Orion Platform
NVD
EPSS 3% CVSS 8.8
HIGH This Week

An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Orion Platform
NVD
EPSS 3% CVSS 9.6
CRITICAL PATCH Act Now

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Orion Platform
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Authentication Bypass Orion Platform
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Command Injection Orion Platform
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Orion Platform
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Orion Platform
NVD
EPSS 1% CVSS 7.8
HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Orion Platform
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orion Platform
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Orion Platform
NVD
EPSS 36% CVSS 9.8
CRITICAL POC THREAT Act Now

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Microsoft RCE +1
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Orion Platform
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Orion Platform
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy