Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Orion_platform
(Solarwinds)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 49 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-15 | CVE-2022-47504 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | Orion_platform | 7.2 | ||
| 2023-02-15 | CVE-2022-47506 | SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. | Orion_platform | 7.8 | ||
| 2023-02-15 | CVE-2022-47507 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | Orion_platform | 7.2 | ||
| 2023-02-15 | CVE-2023-23836 | SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. | Orion_platform | 7.2 | ||
| 2023-04-21 | CVE-2022-36963 | The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | Orion_platform | 7.2 | ||
| 2023-04-21 | CVE-2022-47505 | The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | Orion_platform | 7.8 | ||
| 2023-04-21 | CVE-2022-47509 | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. | Orion_platform | 6.1 | ||
| 2023-09-13 | CVE-2023-23840 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | Orion_platform | 7.2 | ||
| 2023-09-13 | CVE-2023-23845 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | Orion_platform | 7.2 | ||
| 2020-05-04 | CVE-2019-12864 | SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | Netpath, Network_performance_monitor, Orion_platform | 5.5 |