{ "id": "81db0958-6acd-48e2-8b53-a3b329c42595", "created_at": "2026-04-06T00:19:27.143776Z", "updated_at": "2026-04-10T03:21:30.033123Z", "deleted_at": null, "sha1_hash": "018d0af4f623bd15aa102d0e57567cf4de423fe0", "title": "CERT/CC Vulnerability Note VU#843464", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 49096, "plain_text": "CERT/CC Vulnerability Note VU#843464\r\nArchived: 2026-04-06 00:05:05 UTC\r\nOverview\r\nThe SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute\r\nAPI commands.\r\nDescription\r\nThe SolarWinds Orion Platform is a suite of infrastructure and system monitoring and management products. The\r\nSolarWinds Orion API is embedded into the Orion Core and is used to interface with all SolarWinds Orion\r\nPlatform products. API authentication can be bypassed by including specific parameters in the\r\nRequest.PathInfo portion of a URI request, which could allow an attacker to execute unauthenticated API\r\ncommands. In particular, if an attacker appends a PathInfo parameter of WebResource.axd ,\r\nScriptResource.axd , i18n.ashx , or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set\r\nthe SkipAuthorization flag, which may allow the API request to be processed without requiring authentication.\r\nThis vulnerability, also known as CVE-2020-10148, is the vulnerability that SolarWinds has indicated to have\r\nbeen used to install the malware known as SUPERNOVA.\r\nWe have created a python3 script to check for vulnerable SolarWinds Orion servers: swcheck.py\r\nImpact\r\nThis vulnerability could allow a remote attacker to bypass authentication and execute API commands which may\r\nresult in a compromise of the SolarWinds instance.\r\nSolution\r\nApply an Update\r\nUsers should update to the relevant versions of the SolarWinds Orion Platform:\r\n2019.4 HF 6 (released December 14, 2020)\r\n2020.2.1 HF 2 (released December 15, 2020)\r\n2019.2 SUPERNOVA Patch (released December 23, 2020)\r\n2018.4 SUPERNOVA Patch (released December 23, 2020)\r\n2018.2 SUPERNOVA Patch (released December 23, 2020)\r\nMore information can be found in the SolarWinds Security Advisory.\r\nHarden the IIS Server\r\nhttps://www.kb.cert.org/vuls/id/843464\r\nPage 1 of 2\n\nEspecially in cases when updates cannot be installed, we recommend that users implement these mitigations to\r\nharden the IIS server.\r\nAcknowledgements\r\nThis document was written by Madison Oliver and Will Dormann.\r\nVendor Information\r\n843464\r\nFilter by status:\r\nFilter by content: Additional information available\r\n Sort by:\r\nReferences\r\nhttps://www.solarwinds.com/securityadvisory\r\nhttps://cyber.dhs.gov/ed/21-01/\r\nhttps://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software\r\nhttps://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a\r\nhttps://github.com/solarwinds/OrionSDK/wiki\r\nhttps://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip\r\nOther Information\r\nCVE IDs: CVE-2020-10148\r\nDate Public: 2020-12-26\r\nDate First Published: 2020-12-26\r\nDate Last Updated: 2021-01-28 16:53 UTC\r\nDocument Revision: 12\r\nSource: https://www.kb.cert.org/vuls/id/843464\r\nhttps://www.kb.cert.org/vuls/id/843464\r\nPage 2 of 2\n\nApply an Update Users should update to the relevant versions of the SolarWinds Orion Platform:\n2019.4 HF 6 (released December 14, 2020) \n2020.2.1 HF 2 (released December 15, 2020) \n2019.2 SUPERNOVA Patch (released December 23, 2020)\n2018.4 SUPERNOVA Patch (released December 23, 2020)\n2018.2 SUPERNOVA Patch (released December 23, 2020)\nMore information can be found in the SolarWinds Security Advisory.\nHarden the IIS Server \n Page 1 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://www.kb.cert.org/vuls/id/843464" ], "report_names": [ "843464" ], "threat_actors": [], "ts_created_at": 1775434767, "ts_updated_at": 1775791290, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/018d0af4f623bd15aa102d0e57567cf4de423fe0.pdf", "text": "https://archive.orkl.eu/018d0af4f623bd15aa102d0e57567cf4de423fe0.txt", "img": "https://archive.orkl.eu/018d0af4f623bd15aa102d0e57567cf4de423fe0.jpg" } }