SolarWinds Orion Platform vulnerabilities
51 known vulnerabilities affecting solarwinds/orion_platform.
Total CVEs: 51
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 6, HIGH 29, MEDIUM 16
Vulnerabilities
Page 3 of 3
CVE-2022-36965 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 2020.2.6 and previous versions, < 2022.3.0 | 2022-09-30
Insufficient sanitization of inputs in the QoE application input field could lead to stored and DOM-based XSS attacks. This issue is fixed and released in SolarWinds Platform (2022.3.0).
nvd
CVE-2022-47509 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2023.2 | 2023-04-21
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.
nvd
CVE-2019-12864 | P4 | MEDIUM | CVSS 5.5 | CWE-209 | v2018.4 | 2020-05-04
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.
nvd
CVE-2021-35219 | P4 | MEDIUM | CVSS 4.9 | fixed in 2020.2.6 | ≥ 2020.2.6 and previous versions, ≤ 2020.2.6 HF1 | 2021-08-31
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
nvd
CVE-2021-35239 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 2020.2.5 | v2020.2.6 | +1 more | 2021-08-31
A security researcher found that a user with Orion map manage rights could store XSS via a text box hyperlink.
nvd
CVE-2019-12863 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v2018.4 | 2020-02-25
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.
nvd
CVE-2021-3109 | P4 | MEDIUM | CVSS 4.8 | fixed in 2020.2.5 | 2021-03-26
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
nvd
CVE-2020-35856 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 2020.2.5 | 2021-03-26
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
nvd
CVE-2021-35248 | P4 | MEDIUM | CVSS 4.3 | CWE-732 | fixed in 2020.2.6 | v2020.2.6 | 2021-12-20
It has been reported that any Orion user, e.g. guest accounts, can query the Orion.UserSettings entity and enumerate users and their basic settings.
nvd
CVE-2021-35240 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≤ 2020.2.5 | ≥ 2020.2.6 and previous versions, < 2020.2.6 HF1 | 2021-08-31
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because it does not support 'rel=noopener'.
nvd
CVE-2021-35238 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≤ 2020.2.5 | v2020.2.6 | +1 more | 2021-09-01
A user with Orion Platform Admin Rights could store XSS through a URL POST parameter in the CreateExternalWebsite website.
nvd