Product
SolarWinds Orion Platform
49 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE | Affected versions | Description
CVE-2023-23845 | < 2023.3.1 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administra
CVE-2023-23840 | < 2023.3.1 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administra
CVE-2022-47509 | < 2023.2 | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote ad
CVE-2022-47505 | < 2023.2 | The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversa
CVE-2022-36963 | < 2023.2 | The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with
CVE-2023-23836 | all versions | SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allo
CVE-2022-47507 | all versions | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Or
CVE-2022-47506 | all versions | SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with aut
CVE-2022-47504 | all versions | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Or
CVE-2022-47503 | all versions | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Or
CVE-2022-38111 | all versions | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Or
CVE-2022-36964 | < 2020.2.6 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with va
CVE-2022-36962 | < 2020.2.6 | SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over
CVE-2022-36960 | < 2020.2.6 | SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access t
CVE-2022-38108 | < 2020.2.6 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Or
CVE-2022-36966 | < 2020.2.6 | Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecu
CVE-2022-36958 | < 2020.2.6 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with va
CVE-2022-36957 | < 2020.2.6 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Or
CVE-2022-36961 | <= 2022.2.0 | A vulnerable component of Orion Platform was vulnerable to SQL Injection; an authenticated attacker could leverage this for privil
CVE-2021-35248 | < 2020.2.6 | It has been reported that any Orion user, e.g. guest accounts, can query the Orion.UserSettings entity and enumerate users and thei
CVE-2021-35244 | < 2020.2.6 | The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to wr
CVE-2021-35234 | <= 2020.2.5 | Numerous exposed dangerous functions within Orion Core allow for read-only SQL injection leading to privilege escalation. An
CVE-2021-35218 | < 2020.2.6 | Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker wh
CVE-2021-35215 | <= 2020.2.5 | Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is r
CVE-2021-35238 | <= 2020.2.5 | A user with Orion Platform Admin Rights could store XSS through a URL POST parameter in the CreateExternalWebsite website.
CVE-2021-35212 | all versions | An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean
CVE-2021-35240 | <= 2020.2.5 | A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not su
CVE-2021-35239 | <= 2020.2.5 | A security researcher found that a user with Orion map manage rights could store XSS via a text box hyperlink.
CVE-2021-35213 | <= 2020.2.5 | An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.
CVE-2021-35222 | < 2020.2.6 | This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) fr
CVE-2021-35221 | < 2020.2.6 | Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from th
CVE-2021-35220 | < 2020.2.6 | Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
CVE-2021-35219 | < 2020.2.6 | ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page
CVE-2021-28674 | <= 2020.2.5 | The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside o
CVE-2021-27277 | all versions | This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastruct
CVE-2021-27258 | all versions | This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Platform 2
CVE-2021-3109 | < 2020.2.5 | The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an admi
CVE-2020-35856 | < 2020.2.5 | SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
CVE-2020-27871 | all versions | This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2
CVE-2020-27870 | all versions | This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platfor
CVE-2021-25275 | < 2020.2.4 | SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and sto
CVE-2021-25274 | < 2020.2.4 | The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions
CVE-2020-10148 | all versions | The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. Thi
CVE-2020-13169 | < 2020.2.1 | Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1 on multiple forms and pages. This
CVE-2019-12864 | all versions | SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error han
CVE-2019-12863 | all versions | SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console
CVE-2019-17127 | all versions | A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many app
CVE-2019-17125 | all versions | A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many
CVE-2019-9546 | < 2018.4 | SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.