SolarWinds Orion Platform 2020.2.6 Hotfix 2
Approved changes feed: RSS · Atom
cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix2:*:*:*:*:*:*
part: a version: 2020.2.6 update: hotfix2
| Vendor | Solarwinds (c393915a-764f-5773-8a18-db4a4d0f1496) |
|---|---|
| Product | Orion Platform (050f2879-32aa-5439-8aa8-8021720656cf) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-38108 |
vulnerable | 2026-06-03 14:47:49.261305 |
SolarWinds Platform Deserialization of Untrusted Data
HIGH (7.2)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Published: 2022-10-20T20:11:25.181Z
Updated: 2025-05-08T15:22:21.153Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36966 |
vulnerable | 2026-06-03 14:47:41.116202 |
Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6
MEDIUM (5.4)
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
Published: 2022-10-20T20:05:35.645Z
Updated: 2025-05-07T20:49:50.846Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36964 |
vulnerable | 2026-06-03 14:47:41.115112 |
SolarWinds Platform Deserialization of Untrusted Data
HIGH (8.8)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Published: 2022-11-29T20:47:49.978Z
Updated: 2025-04-25T14:41:14.527Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36962 |
vulnerable | 2026-06-03 14:47:41.108913 |
SolarWinds Platform Command Injection
HIGH (7.2)
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
Published: 2022-11-29T20:46:18.482Z
Updated: 2025-04-25T14:42:00.235Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36960 |
vulnerable | 2026-06-03 14:47:41.107898 |
SolarWinds Platform Improper Input Validation
HIGH (8.8)
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
Published: 2022-11-29T20:43:38.388Z
Updated: 2025-04-24T17:46:45.937Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36958 |
vulnerable | 2026-06-03 14:47:41.107282 |
SolarWinds Platform Deserialization of Untrusted Data
HIGH (8.8)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Published: 2022-10-20T20:10:01.367Z
Updated: 2025-05-08T13:25:48.824Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36957 |
vulnerable | 2026-06-03 14:47:41.104121 |
SolarWinds Platform Deserialization of Untrusted Data
HIGH (7.2)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Published: 2022-10-20T20:08:04.993Z
Updated: 2025-05-05T20:01:34.955Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-35248 |
vulnerable | 2026-06-03 14:44:56.278886 |
Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users
MEDIUM (6.8)
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
Published: 2021-12-20T20:08:24.068Z
Updated: 2024-09-16T20:07:13.877Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-35244 |
vulnerable | 2026-06-03 14:44:56.269754 |
Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6
MEDIUM (6.8)
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
Published: 2021-12-20T20:08:24.786Z
Updated: 2024-09-16T22:10:26.291Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-35234 |
vulnerable | 2026-06-03 14:44:56.263114 |
Exposed Dangerous Functions - Privileged Escalation
HIGH (8)
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.
Published: 2021-12-20T20:08:25.522Z
Updated: 2024-09-16T18:59:20.905Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.