CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-9546

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1430%
EPSS Percentile13.87th
Published2019年3月1日
Last Modified2024年11月21日

Vulnerability Description

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

Affected Platforms (CPE)

📦
Solarwinds

Orion Platform

< 2018.4
📦
Solarwinds

Orion Platform

= 2018.4
📦
Solarwinds

Orion Platform

= 2018.4

References & Advisories

🔗 https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-005.md
🔗 https://support.solarwinds.com/SuccessCenter/s/article/CVE-2019-9546-Orion-Platform-Vulnerability
🔗 https://support.solarwinds.com/Success_Center/Orion_Platform/Orion_Documentation/Additional_Resources/Orion_Platform_2018-4_Hotfix_2
🔗 https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-005.md
🔗 https://support.solarwinds.com/SuccessCenter/s/article/CVE-2019-9546-Orion-Platform-Vulnerability
🔗 https://support.solarwinds.com/Success_Center/Orion_Platform/Orion_Documentation/Additional_Resources/Orion_Platform_2018-4_Hotfix_2

相關漏洞威脅

CVE-2021-272589.8

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2...

CVE-2020-101489.8

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. Thi...

CVE-2021-252749.8

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions...

CVE-2020-131699.0

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This...