Unrated severityCISA KEVNVD Advisory· Published Dec 29, 2020· Updated Oct 21, 2025
SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
CVE-2020-10148
Description
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22019.4 HF 5, 2020.2, 2020.2 HF 1+ 1 more
- (no CPE)range: 2019.4 HF 5, 2020.2, 2020.2 HF 1
- (no CPE)range: 2019.4 HF 5
Patches
Vulnerability mechanics
References
2- kb.cert.org/vuls/id/843464mitrethird-party-advisoryx_refsource_CERT-VN
- www.solarwinds.com/securityadvisorymitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.