An Orion authenticated user is required to exploit this. CVE-IDĪ remote code execution vulnerability has been found via the test alert actions. The two vulnerabilities, reported through Trend Micro's Zero Day Initiative, haven't yet been assigned CVE ID numbers. However, this flaw also requires the attackers to know an unprivileged local account's credentials on the targeted Orion Server. Luckily, despite being rated as critical by SolarWinds, only authenticated users can successfully exploit this vulnerability.Ī second RCE vulnerability rated as high severity that attackers could use to execute arbitrary code remotely as an Administrator was addressed in the SolarWinds Orion Job Scheduler. The highest severity security flaw patched by SolarWinds on Thursday is a critical JSON deserialization bug that remote attackers can exploit to execute arbitrary code through Orion Platform Action Manager's test alert actions. Patches for critical and high severity vulnerabilities The Orion Platform is an IT administration solution that enables enterprise organizations to manage, optimize, and monitor their on-premises, hybrid, or software as a service (SaaS) IT infrastructures. SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two of them allowing attackers to execute arbitrary code remotely.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |