PT-2020-5348 · SolarWinds · SolarWinds Orion Platform

Published: 2020-12-26 · Updated: 2025-10-24 · CVE-2020-10148

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1

Description: The vulnerability is related to an authentication bypass in the SolarWinds Orion API, allowing a remote attacker to execute API commands. This could result in a compromise of the SolarWinds instance. The issue is associated with the use of an alternative path or channel to bypass authentication.

Recommendations: For SolarWinds Orion Platform version 2019.4 HF 5, update to a version that includes a fix for this issue. For SolarWinds Orion Platform version 2020.2 with no hotfix installed, install a hotfix that addresses this vulnerability. For SolarWinds Orion Platform version 2020.2 HF 1, update to a later version that includes a fix for this issue. As a temporary workaround, consider restricting access to the SolarWinds Orion API to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Improper Authentication

Authentication Bypass Using an Alternate Path or Channel

Missing Authentication

Related Identifiers

BDU:2021-00189
CVE-2020-10148

Affected Products

SolarWinds Orion Platform