Lucene search

K
SolarwindsOrion Platform2020.2.6

12 matches found

CVE
CVE
added 2021/09/01 12:15 p.m.78 views

CVE-2021-35238

User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.

4.8CVSS5.3AI score0.00207EPSS
CVE
CVE
added 2021/08/31 4:15 p.m.75 views

CVE-2021-35239

A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.

7.5CVSS6AI score0.00157EPSS
CVE
CVE
added 2022/10/20 9:15 p.m.74 views

CVE-2022-38108

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

7.2CVSS7.3AI score0.8543EPSS
CVE
CVE
added 2022/10/20 9:15 p.m.58 views

CVE-2022-36957

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

7.2CVSS7.5AI score0.01193EPSS
CVE
CVE
added 2021/12/20 9:15 p.m.57 views

CVE-2021-35244

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.

8.5CVSS7.2AI score0.19199EPSS
CVE
CVE
added 2022/11/29 9:15 p.m.56 views

CVE-2022-36960

SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.

8.8CVSS8.8AI score0.00094EPSS
CVE
CVE
added 2022/11/29 9:15 p.m.56 views

CVE-2022-36964

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

8.8CVSS8.9AI score0.01394EPSS
CVE
CVE
added 2021/12/20 9:15 p.m.54 views

CVE-2021-35234

Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.

8.8CVSS8.6AI score0.00928EPSS
CVE
CVE
added 2022/10/20 9:15 p.m.48 views

CVE-2022-36958

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

8.8CVSS8.9AI score0.14597EPSS
CVE
CVE
added 2022/11/29 9:15 p.m.47 views

CVE-2022-36962

SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.

7.2CVSS7.5AI score0.00195EPSS
CVE
CVE
added 2022/10/20 9:15 p.m.47 views

CVE-2022-36966

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

5.4CVSS5.9AI score0.00205EPSS
CVE
CVE
added 2021/12/20 9:15 p.m.38 views

CVE-2021-35248

It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.

6.8CVSS4.9AI score0.00268EPSS