CVE-2021-27258 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2…
CVE-2021-25274 — CVSS 9.8 (critical): The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its…
CVE-2019-9546 — CVSS 9.8 (critical): SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
CVE-2020-13169 — CVSS 9.0 (critical): Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This…
CVE-2021-35212 — CVSS 8.9 (high): An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL…
CVE-2021-35218 — CVSS 8.9 (high): Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has…
CVE-2021-35215 — CVSS 8.9 (high): Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required…
CVE-2021-35213 — CVSS 8.9 (high): An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It…
CVE-2022-36964 — CVSS 8.8 (high): SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid…
CVE-2022-36961 — CVSS 8.8 (high): A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege…
CVE-2022-36960 — CVSS 8.8 (high): SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to…
CVE-2022-36958 — CVSS 8.8 (high): SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid…
CVE-2021-35220 — CVSS 8.1 (high): Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
CVE-2021-35234 — CVSS 8.0 (high): Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker…
CVE-2021-35222 — CVSS 8.0 (high): This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the…
CVE-2022-47506 — CVSS 7.8 (high): SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with…
CVE-2021-25275 — CVSS 7.8 (high): SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores…
CVE-2021-27277 — CVSS 7.8 (high): This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure…
CVE-2022-47505 — CVSS 7.8 (high): The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a…
CVE-2021-35239 — CVSS 7.5 (high): A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.
CVE-2022-47504 — CVSS 7.2 (high): SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion…
CVE-2022-36962 — CVSS 7.2 (high): SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the…
CVE-2022-47507 — CVSS 7.2 (high): SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion…
CVE-2022-38111 — CVSS 7.2 (high): SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion…
CVE-2022-38108 — CVSS 7.2 (high): SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion…
CVE-2022-36963 — CVSS 7.2 (high): The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid…
CVE-2023-23836 — CVSS 7.2 (high): SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a…
CVE-2022-47503 — CVSS 7.2 (high): SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion…
CVE-2020-27871 — CVSS 7.2 (high): This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1…
CVE-2022-36957 — CVSS 7.2 (high): SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion…
CVE-2023-23845 — CVSS 6.8 (medium): The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative…
CVE-2021-35248 — CVSS 6.8 (medium): It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic…
CVE-2021-35244 — CVSS 6.8 (medium): The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to…
CVE-2023-23840 — CVSS 6.8 (medium): The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative…
CVE-2020-27870 — CVSS 6.5 (medium): This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform…
CVE-2021-35240 — CVSS 6.5 (medium): A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support…
CVE-2021-35221 — CVSS 6.3 (medium): Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts…
CVE-2019-17125 — CVSS 6.1 (medium): A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An…
CVE-2019-17127 — CVSS 6.1 (medium): A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application…
CVE-2022-47509 — CVSS 6.1 (medium): The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary…
CVE-2021-35219 — CVSS 6.0 (medium): ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
CVE-2019-12864 — CVSS 5.5 (medium): SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling…
CVE-2021-28674 — CVSS 5.4 (medium): The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the…
CVE-2022-36966 — CVSS 5.4 (medium): Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct…
CVE-2021-35238 — CVSS 4.8 (medium): User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.
CVE-2019-12863 — CVSS 4.8 (medium): SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings…
CVE-2020-35856 — CVSS 4.8 (medium): SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
CVE-2021-3109 — CVSS 4.8 (medium): The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator…