CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-10148

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score86.2020%
EPSS Percentile98.73th
Published2020年12月29日
Last Modified2025年10月24日

Vulnerability Description

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Affected Platforms (CPE)

📦
Solarwinds

Orion Platform

= 2019.4
📦
Solarwinds

Orion Platform

= 2020.2
📦
Solarwinds

Orion Platform

= 2020.2.1

References & Advisories

🔗 https://kb.cert.org/vuls/id/843464
🔗 https://www.solarwinds.com/securityadvisory
🔗 https://kb.cert.org/vuls/id/843464
🔗 https://www.kb.cert.org/vuls/id/843464
🔗 https://www.solarwinds.com/securityadvisory
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-10148

相關漏洞威脅

CVE-2021-252749.8

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions...

CVE-2021-272589.8

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2...

CVE-2019-95469.8

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

CVE-2020-131699.0

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This...