Vulnerabilities > Solarwinds > Orion Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-15 | CVE-2023-23836 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1 SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. | 7.2 |
| 2022-11-29 | CVE-2022-36960 | Improper Input Validation vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to Improper Input Validation. | 8.8 |
| 2022-11-29 | CVE-2022-36962 | Command Injection vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to Command Injection. | 7.2 |
| 2022-11-29 | CVE-2022-36964 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 8.8 |
| 2022-10-20 | CVE-2022-36957 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 7.2 |
| 2022-10-20 | CVE-2022-36958 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 8.8 |
| 2022-10-20 | CVE-2022-36966 | Authorization Bypass Through User-Controlled Key vulnerability in Solarwinds Orion Platform Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | 5.4 |
| 2022-10-20 | CVE-2022-38108 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 7.2 |
| 2022-09-30 | CVE-2022-36961 | SQL Injection vulnerability in Solarwinds Orion Platform A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | 8.8 |
| 2021-12-20 | CVE-2021-35234 | SQL Injection vulnerability in Solarwinds Orion Platform Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. | 8.8 |