CyberSec.Space Logo
Back to CVE Browser

CVE-2020-10148

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score86.2020%
EPSS Percentile98.73th
PublishedDec 29, 2020
Last ModifiedOct 24, 2025

Vulnerability Description

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Affected Platforms (CPE)

πŸ“¦
Solarwinds

Orion Platform

= 2019.4
πŸ“¦
Solarwinds

Orion Platform

= 2020.2
πŸ“¦
Solarwinds

Orion Platform

= 2020.2.1

References & Advisories

πŸ”— https://kb.cert.org/vuls/id/843464
πŸ”— https://www.solarwinds.com/securityadvisory
πŸ”— https://kb.cert.org/vuls/id/843464
πŸ”— https://www.kb.cert.org/vuls/id/843464
πŸ”— https://www.solarwinds.com/securityadvisory
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-10148

Related Vulnerabilities

CVE-2021-252749.8

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions...

CVE-2021-272589.8

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2...

CVE-2019-95469.8

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

CVE-2020-131699.0

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This...

CVE-2020-10148 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space