CyberSec.Space Logo
Back to CVE Browser

CVE-2019-9546

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1430%
EPSS Percentile13.87th
PublishedMar 1, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

Affected Platforms (CPE)

πŸ“¦
Solarwinds

Orion Platform

< 2018.4
πŸ“¦
Solarwinds

Orion Platform

= 2018.4
πŸ“¦
Solarwinds

Orion Platform

= 2018.4

References & Advisories

πŸ”— https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-005.md
πŸ”— https://support.solarwinds.com/SuccessCenter/s/article/CVE-2019-9546-Orion-Platform-Vulnerability
πŸ”— https://support.solarwinds.com/Success_Center/Orion_Platform/Orion_Documentation/Additional_Resources/Orion_Platform_2018-4_Hotfix_2
πŸ”— https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-005.md
πŸ”— https://support.solarwinds.com/SuccessCenter/s/article/CVE-2019-9546-Orion-Platform-Vulnerability
πŸ”— https://support.solarwinds.com/Success_Center/Orion_Platform/Orion_Documentation/Additional_Resources/Orion_Platform_2018-4_Hotfix_2

Related Vulnerabilities

CVE-2021-272589.8

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2...

CVE-2020-101489.8

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. Thi...

CVE-2021-252749.8

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions...

CVE-2020-131699.0

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This...