
SolarWinds Orion Fixes Another Critical RCE Vulnerability

SolarWinds has patched a critical remote code execution bug in the Orion Platform.

Enterprise IT management software maker SolarWinds released a security update on Thursday, March 25th, that addresses four vulnerabilities in the Orion Platform.

Two of the fixed vulnerabilities (no CVE IDs have been assigned to them yet) allow remote code execution. The more dangerous of the two is a JSON deserialization vulnerability. It allows an authenticated user to execute arbitrary code through the test notification function in the Orion web console, which simulates network events (for example, a server that stops responding) in order to trigger the corresponding alerts.

The second vulnerability affects the Orion Job Scheduler. To exploit it, however, an attacker must first obtain the credentials of an unprivileged local user on the Orion server.

Another high-severity vulnerability is CVE-2020-35856. The issue affects the Add Users tab on the View Settings page and allows cross-site scripting (XSS). Exploiting it requires Orion Platform administrator rights.

The fourth vulnerability (CVE-2021-3109) is a reverse tabnabbing / open redirect issue on the menu settings page. It is rated medium severity and likewise requires Orion Platform administrator rights to exploit.

To prevent attacks exploiting the vulnerabilities above, users are strongly advised to upgrade to Orion Platform version 2020.2.5.
