CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10148

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.943

EPSS Ranking 99.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

Proposed Action

SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.

Ransomware Campaign

Unknown

References

Products affected by CVE-2020-10148

Solarwinds » Orion Platform » Version: 2019.4

cpe:2.3:a:solarwinds:orion_platform:2019.4
Solarwinds » Orion Platform » Version: 2020.2

cpe:2.3:a:solarwinds:orion_platform:2020.2
Solarwinds » Orion Platform » Version: 2020.2.1

cpe:2.3:a:solarwinds:orion_platform:2020.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10148

Products

Pricing

Contact Us