📦 Orion Platform
by Solarwinds
🔍 What is Orion Platform?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability allows unauthenticated remote attackers to escalate privileges from Guest to Administrator on SolarWinds Orion Platform installations. The flaw exists in the SaveUserSetting endpoin...
This vulnerability allows remote unauthenticated attackers to send malicious messages to SolarWinds Orion's Collector Service on TCP port 1801, which are then deserialized insecurely, leading to arbit...
CVE-2020-10148 is an authentication bypass vulnerability in SolarWinds Orion API that allows remote attackers to execute arbitrary API commands without valid credentials. This affects SolarWinds Orion...
This stored cross-site scripting (XSS) vulnerability in SolarWinds Orion Platform allows attackers to inject malicious scripts into multiple forms and pages. When exploited, it can lead to information...
This command injection vulnerability in SolarWinds Platform allows authenticated administrators to execute arbitrary system commands. Attackers with compromised admin credentials can gain full control...
CVE-2022-47506 is a directory traversal vulnerability in SolarWinds Platform that allows authenticated local attackers to modify default configurations and execute arbitrary commands. This affects org...
This vulnerability in SolarWinds Platform allows remote attackers with Orion admin-level account access to execute arbitrary commands through deserialization of untrusted data. It affects SolarWinds W...
This vulnerability in SolarWinds Orion Core allows authenticated low-privilege users to perform SQL injection attacks through exposed dangerous functions. Attackers can steal password hashes and salt ...
This vulnerability allows authenticated attackers to execute arbitrary code on SolarWinds Orion Platform servers through insecure deserialization. It affects organizations running Orion Platform versi...
This vulnerability allows remote code execution through deserialization of untrusted data in the SolarWinds Orion Patch Manager Web Console. An attacker with network access to the web console can expl...
CVE-2021-35212 is a blind Boolean SQL injection vulnerability in SolarWinds Orion Platform that allows authenticated users to escalate privileges and gain full read/write access to the Orion database,...
CVE-2021-35222 is a reflected cross-site scripting (XSS) vulnerability in SolarWinds Orion Platform that allows attackers to impersonate authenticated users and execute arbitrary JavaScript code. This...
CVE-2021-35220 is a command injection vulnerability in SolarWinds Orion Platform's EmailWebPage API that allows attackers to execute arbitrary commands on affected systems. This can lead to remote cod...
This vulnerability allows local attackers with low-privileged access to escalate privileges to SYSTEM level via insecure deserialization in SolarWinds Orion Virtual Infrastructure Monitor. Attackers c...
This vulnerability allows authenticated remote attackers to bypass authentication and create arbitrary files on SolarWinds Orion Platform installations. Attackers can leverage this to execute arbitrar...