cpe:2.3:a:solarwinds:orion_platform:2020.2.6:-:*:*:*:*:*:*

part: a version: 2020.2.6 update: -

Vendor: Solarwinds (c393915a-764f-5773-8a18-db4a4d0f1496)
Product: Orion Platform (050f2879-32aa-5439-8aa8-8021720656cf)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2022-38108 vulnerable 2026-06-03 14:47:49.260266 SolarWinds Platform Deserialization of Untrusted Data
HIGH (7.2)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Published: 2022-10-20T20:11:25.181Z
Updated: 2025-05-08T15:22:21.153Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36966 vulnerable 2026-06-03 14:47:41.116167 Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6
MEDIUM (5.4)
Users with Node Management rights were able to view and edit all nodes due to insufficient control on a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
Published: 2022-10-20T20:05:35.645Z
Updated: 2025-05-07T20:49:50.846Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36964 vulnerable 2026-06-03 14:47:41.115075 SolarWinds Platform Deserialization of Untrusted Data
HIGH (8.8)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Published: 2022-11-29T20:47:49.978Z
Updated: 2025-04-25T14:41:14.527Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36962 vulnerable 2026-06-03 14:47:41.108876 SolarWinds Platform Command Injection
HIGH (7.2)
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
Published: 2022-11-29T20:46:18.482Z
Updated: 2025-04-25T14:42:00.235Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36960 vulnerable 2026-06-03 14:47:41.107861 SolarWinds Platform Improper Input Validation
HIGH (8.8)
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
Published: 2022-11-29T20:43:38.388Z
Updated: 2025-04-24T17:46:45.937Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36958 vulnerable 2026-06-03 14:47:41.107244 SolarWinds Platform Deserialization of Untrusted Data
HIGH (8.8)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Published: 2022-10-20T20:10:01.367Z
Updated: 2025-05-08T13:25:48.824Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36957 vulnerable 2026-06-03 14:47:41.103112 SolarWinds Platform Deserialization of Untrusted Data
HIGH (7.2)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Published: 2022-10-20T20:08:04.993Z
Updated: 2025-05-05T20:01:34.955Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-35248 vulnerable 2026-06-03 14:44:56.278846 Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users
MEDIUM (6.8)
It has been reported that any Orion user, e.g. guest accounts, can query the Orion.UserSettings entity and enumerate users and their basic settings.
Published: 2021-12-20T20:08:24.068Z
Updated: 2024-09-16T20:07:13.877Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-35244 vulnerable 2026-06-03 14:44:56.269714 Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6
MEDIUM (6.8)
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
Published: 2021-12-20T20:08:24.786Z
Updated: 2024-09-16T22:10:26.291Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-35239 vulnerable 2026-06-03 14:44:56.265097 Stored XSS in Maps text box hyperlink Vulnerability
HIGH (7.5)
A security researcher found that a user with Orion map manage rights could store XSS via a text box hyperlink.
Published: 2021-08-31T15:56:08.000Z
Updated: 2024-08-04T00:33:51.271Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-35238 vulnerable 2026-06-03 14:44:56.264690 Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability
MEDIUM (4.8)
A user with Orion Platform Admin Rights could store XSS through the URL POST parameter in the CreateExternalWebsite website.
Published: 2021-09-01T11:02:35.000Z
Updated: 2024-08-04T00:33:51.272Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-35234 vulnerable 2026-06-03 14:44:56.261707 Exposed Dangerous Functions - Privileged Escalation
HIGH (8)
Numerous exposed dangerous functions within Orion Core allow for read-only SQL injection leading to privilege escalation. An attacker with low-user privileges may steal password hashes and password salt information.
Published: 2021-12-20T20:08:25.522Z
Updated: 2024-09-16T18:59:20.905Z
Imported from gcve-enriched-dumps CVE data
