Known Vulnerabilities for Orion Platform by Solarwinds

Listed below are 10 of the newest known vulnerabilities associated with "Orion Platform" by "Solarwinds".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-35218 Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attack... 8.8 - HIGH 2021-09-01 2021-11-03
CVE-2021-35215 Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication... 8.8 - HIGH 2021-09-01 2021-11-03
CVE-2021-35213 An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 20... 8.8 - HIGH 2021-08-31 2022-10-27
CVE-2021-35212 An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Bo... 8.8 - HIGH 2021-08-31 2021-11-05
CVE-2021-28674 The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outs... 5.4 - MEDIUM 2021-07-30 2022-07-12
CVE-2021-27277 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infras... 7.8 - HIGH 2021-04-22 2021-07-20
CVE-2021-27258 This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platf... 9.8 - CRITICAL 2021-04-14 2022-07-29
CVE-2021-25275 SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, an... 7.8 - HIGH 2021-02-03 2021-02-08
CVE-2021-25274 The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permis... 9.8 - CRITICAL 2021-02-03 2021-02-08
CVE-2021-3109 The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an... 4.8 - MEDIUM 2021-03-26 2021-03-29
Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationSolarwindsOrion Platform2020.2.4AllAllAll
ApplicationSolarwindsOrion Platform2020.2.1hotfix1AllAll
ApplicationSolarwindsOrion Platform2020.2.1-AllAll
ApplicationSolarwindsOrion Platform2020.2hotfix1AllAll
ApplicationSolarwindsOrion Platform2020.2-AllAll
ApplicationSolarwindsOrion Platform2019.4hotfix2AllAll
ApplicationSolarwindsOrion Platform2019.4-AllAll
ApplicationSolarwindsOrion Platform2019.4hotfix1AllAll
ApplicationSolarwindsOrion Platform2019.4hotfix3AllAll
ApplicationSolarwindsOrion Platform2019.4hotfix4AllAll
ApplicationSolarwindsOrion Platform2019.4hotfix5AllAll
ApplicationSolarwindsOrion Platform2019.2hotfix3AllAll
ApplicationSolarwindsOrion Platform2019.2hotfix2AllAll
ApplicationSolarwindsOrion Platform2019.2hotfix1AllAll
ApplicationSolarwindsOrion Platform2018.4hotfix3AllAll
ApplicationSolarwindsOrion Platform2018.4hotfix2AllAll
ApplicationSolarwindsOrion Platform2018.4hotfix1AllAll
ApplicationSolarwindsOrion Platform2018.4-AllAll
ApplicationSolarwindsOrion Platform2018.2hotfix6AllAll
ApplicationSolarwindsOrion Platform2018.2hotfix5AllAll
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report