Lucene search

K
SolarwindsOrion Platform2020.2.1

4 matches found

CVE
CVE
added 2020/12/29 10:15 p.m.1077 views

CVE-2020-10148

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds O...

9.8CVSS9.8AI score0.94345EPSS
CVE
CVE
added 2021/08/31 5:15 p.m.75 views

CVE-2021-35212

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.

9CVSS9AI score0.01771EPSS
CVE
CVE
added 2021/02/10 11:15 p.m.61 views

CVE-2020-27870

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validat...

7.5CVSS6.2AI score0.03373EPSS
CVE
CVE
added 2021/02/10 11:15 p.m.59 views

CVE-2020-27871

This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within Vulnerabili...

9CVSS7.3AI score0.6602EPSS