Description

Acunetix determined that it was possible to access SolarWinds Orion's sensitive files without authentication with a specially crafted HTTP request.

Remediation

Upgrade to the latest version of SolarWinds Orion

References

SolarWinds Orion API authentication bypass allows remote command execution

Related Vulnerabilities

Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.8.1)

WordPress Plugin WP User Manager-User Profile Builder & Membership Security Bypass (2.6.2)

WordPress Plugin HM Multiple Roles Security Bypass (1.2)

WordPress Plugin Helpie FAQ-WordPress FAQ Accordion Security Bypass (0.7)

WordPress Plugin Starfish Review Generation & Marketing for WordPress Security Bypass (2.0.0)

Severity

High

Classification

CVE-2020-10148 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass