← ExploitWatch
HomeExploited Vulnerabilities

CVE-2020-10148 — Actively Exploited: Orion (SolarWinds)

SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.

CVE IDCVE-2020-10148
VendorSolarWinds
ProductOrion
Vulnerability nameSolarWinds Orion Authentication Bypass Vulnerability
Date added2021-11-03
Remediation due2022-05-03
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionSolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →