Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Orion_platform
(Solarwinds)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 49 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-29 | CVE-2022-36960 | SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | Orion_platform | 8.8 | ||
| 2022-11-29 | CVE-2022-36962 | SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | Orion_platform | 7.2 | ||
| 2022-11-29 | CVE-2022-36964 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | Orion_platform | 8.8 | ||
| 2023-02-15 | CVE-2022-38111 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | Orion_platform | 7.2 | ||
| 2023-02-15 | CVE-2022-47503 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | Orion_platform | 7.2 | ||
| 2023-02-15 | CVE-2022-47504 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | Orion_platform | 7.2 | ||
| 2023-02-15 | CVE-2022-47506 | SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. | Orion_platform | 7.8 | ||
| 2023-02-15 | CVE-2022-47507 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | Orion_platform | 7.2 | ||
| 2023-02-15 | CVE-2023-23836 | SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. | Orion_platform | 7.2 | ||
| 2023-04-21 | CVE-2022-36963 | The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | Orion_platform | 7.2 |