Vulnerabilities > Solarwinds > Orion Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-21 | CVE-2022-47509 | Cross-site Scripting vulnerability in Solarwinds Orion Platform The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. | 6.1 |
| 2022-10-20 | CVE-2022-36966 | Authorization Bypass Through User-Controlled Key vulnerability in Solarwinds Orion Platform Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | 5.4 |
| 2021-12-20 | CVE-2021-35248 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion Platform It has been reported that any Orion user, e.g. | 4.3 |
| 2021-09-01 | CVE-2021-35215 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. | 6.5 |
| 2021-09-01 | CVE-2021-35218 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. | 6.5 |
| 2021-08-31 | CVE-2021-35222 | Cross-site Scripting vulnerability in Solarwinds Orion Platform This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. | 4.3 |
| 2021-08-31 | CVE-2021-35219 | Unspecified vulnerability in Solarwinds Orion Platform ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. | 4.0 |
| 2021-08-31 | CVE-2021-35220 | Command Injection vulnerability in Solarwinds Orion Platform Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | 6.5 |
| 2021-07-30 | CVE-2021-28674 | Incorrect Authorization vulnerability in Solarwinds Orion Platform The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. | 5.5 |
| 2021-03-26 | CVE-2021-3109 | Unspecified vulnerability in Solarwinds Orion Platform The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. network solarwinds | 4.9 |