admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/SolarWinds/CVE-2020-10148
History
tardc 6116435ec4 add CVE-2020-10148
2021-01-06 11:08:12 +08:00
..
CVE-2020-10148.gif
add CVE-2020-10148
2021-01-06 11:08:12 +08:00
README.md
add CVE-2020-10148
2021-01-06 11:08:12 +08:00

README.md

CVE-2020-10148 SolarWinds Orion Local File Disclosure

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

FOFA query rule: app="Solarwinds-Traffic-Management"

Demo