Back to search
CVE-2020-10148
Published: Dec 29, 2020
Modified: Oct 21, 2025
PUBLISHED
Description
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
| Vendor | Product | Versions |
|---|---|---|
SolarWinds | Orion Platform | affected 2019.4 HF 5affected 2020.2 without hotfixaffected 2020.2 HF 1 |
Weaknesses (CWE)
References
https://www.solarwinds.com/securityadvisory
x_refsource_CONFIRM
VU#843464
third-party-advisory
x_refsource_CERT-VN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now