Security News > 2021 > March > SolarWinds patches critical code execution bug in Orion Platform

SolarWinds patches critical code execution bug in Orion Platform
2021-03-26 13:19

SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two of them allowing attackers to execute arbitrary code remotely.

The highest severity security flaw patched by SolarWinds on Thursday is a critical JSON deserialization bug that remote attackers can exploit to execute arbitrary code through Orion Platform Action Manager's test alert actions.

A second RCE vulnerability rated as high severity that attackers could use to execute arbitrary code remotely as an Administrator was addressed in the SolarWinds Orion Job Scheduler.

"If you are upgrading from Orion Platform 2015.1.3 or later, use the SolarWinds Orion Installer to simultaneously upgrade your entire Orion deployment to the current versions," SolarWinds explained.

Admins upgrading from an Orion Platform 2019.2 installation don't need to download the Orion Installer first.

SolarWinds patch three other critical vulnerabilities last month, one of them allowing remote unauthenticated threat actors to take over Orion servers.


News URL

https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-code-execution-bug-in-orion-platform/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 0 80 95 40 215