AI Score
Confidence
Low
EPSS
Percentile
99.9%
SSVC
Exploitation
active
Automatable
yes
Technical Impact
total
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
[
{
"cpes": [
"cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:*"
],
"vendor": "solarwinds",
"product": "orion_platform",
"versions": [
{
"status": "affected",
"version": "2019.4"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:solarwinds:orion_platform:2020.2.1:-:*:*:*:*:*:*"
],
"vendor": "solarwinds",
"product": "orion_platform",
"versions": [
{
"status": "affected",
"version": "2020.2.1"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:solarwinds:orion_platform:2020.2:hotfix1:*:*:*:*:*:*"
],
"vendor": "solarwinds",
"product": "orion_platform",
"versions": [
{
"status": "affected",
"version": "2020.2"
}
],
"defaultStatus": "unknown"
}
]