SolarWinds patched three other critical vulnerabilities last month, one of them allowing remote unauthenticated threat actors to take over Orion servers.
They can also upgrade the entire Orion deployment by going to the My Orion Deployment page and navigating to Settings > My Orion Deployment > Updates & Evaluations.

"If you are upgrading from Orion Platform 2015.1.3 or later, use the SolarWinds Orion Installer to simultaneously upgrade your entire Orion deployment (all Orion Platform products and any scalability engines) to the current versions," SolarWinds explained.

Admins upgrading from an Orion Platform 2019.2 installation don't need to download the Orion Installer first.

SolarWinds has also included several security improvements in this new Orion Platform release, including:

- Orion XSS prevention improvements and related fixes.
- Communication channel improvements for internal SolarWinds services.

Administrators can deploy the security updates and the additional security improvements by installing the Orion Platform 2020.2.5 release.

This vulnerability requires an Orion administrator account to exploit this.

This vulnerability requires an Orion administrator account to exploit this.

A Reverse Tabnabbing and Open Redirect vulnerability was found in the custom menu item options page by a security researcher.

In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server.

A stored XSS vulnerability was found in the add custom tab within customize view page by a security researcher.

The vulnerability can be used to achieve authenticated RCE as Administrator.
An Orion authenticated user is required to exploit this.

A remote code execution vulnerability has been found via the test alert actions.

The two vulnerabilities, reported through Trend Micro's Zero Day Initiative, haven't yet been assigned CVE ID numbers.

However, this flaw also requires the attackers to know an unprivileged local account's credentials on the targeted Orion Server.
Luckily, despite being rated as critical by SolarWinds, only authenticated users can successfully exploit this vulnerability.

A second RCE vulnerability rated as high severity that attackers could use to execute arbitrary code remotely as an Administrator was addressed in the SolarWinds Orion Job Scheduler.

The highest severity security flaw patched by SolarWinds on Thursday is a critical JSON deserialization bug that remote attackers can exploit to execute arbitrary code through Orion Platform Action Manager's test alert actions.

Patches for critical and high severity vulnerabilities
The Orion Platform is an IT administration solution that enables enterprise organizations to manage, optimize, and monitor their on-premises, hybrid, or software as a service (SaaS) IT infrastructures. SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two of them allowing attackers to execute arbitrary code remotely.