Description

Acunetix determined that it was possible to access SolarWinds Orion's sensitive files without authentication with a specially crafted HTTP request.

Remediation

Upgrade to the latest version of SolarWinds Orion

References

SolarWinds Orion API authentication bypass allows remote command execution

Related Vulnerabilities

WordPress Plugin Header Enhancement Security Bypass (1.4.3)

WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.10)

WordPress Plugin SpamBam Key Calculation Security Bypass (2.1)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Security Bypass (3.5.7)

Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.22)

Severity

High

Classification

CVE-2020-10148 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass