Vulnerabilities > Solarwinds > Orion Platform

DATE CVE VULNERABILITY TITLE RISK
2021-12-20 CVE-2021-35244 Unrestricted Upload of File with Dangerous Type vulnerability in Solarwinds Orion Platform
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file.
network
low complexity
solarwinds CWE-434
7.2
2021-12-20 CVE-2021-35248 Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion Platform
It has been reported that any Orion user, e.g.
network
low complexity
solarwinds CWE-732
4.3
2021-09-01 CVE-2021-35215 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5.
network
low complexity
solarwinds CWE-502
8.8
2021-09-01 CVE-2021-35218 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution.
network
low complexity
solarwinds CWE-502
8.8
2021-09-01 CVE-2021-35238 Cross-site Scripting vulnerability in Solarwinds Orion Platform
User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.
low complexity
solarwinds CWE-79
4.8
2021-08-31 CVE-2021-35212 SQL Injection vulnerability in Solarwinds Orion Platform
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team.
network
low complexity
solarwinds CWE-89
8.8
2021-08-31 CVE-2021-35213 Unspecified vulnerability in Solarwinds Orion Platform
An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5.
network
low complexity
solarwinds
8.8
2021-08-31 CVE-2021-35239 Cross-site Scripting vulnerability in Solarwinds Orion Platform
A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.
network
low complexity
solarwinds CWE-79
5.4
2021-08-31 CVE-2021-35240 Cross-site Scripting vulnerability in Solarwinds Orion Platform
A security researcher stored XSS via a Help Server setting.
network
low complexity
solarwinds CWE-79
4.8
2021-08-31 CVE-2021-35221 Unspecified vulnerability in Solarwinds Orion Platform
Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
network
low complexity
solarwinds
8.1