CyberSecurityBoard
Sponsor Register Login

SolarWinds Releases Hotfix for Critical Vulnerability in Orion Platform

SolarWinds has released a critical hotfix addressing a severe vulnerability in its Orion Platform, widely used for IT management and monitoring. This vulnerability could allow attackers to execute arbitrary code remotely, posing significant risks to organizations relying on SolarWinds' software. The company urges all users to apply the hotfix immediately to mitigate potential exploitation. This update follows increased scrutiny of SolarWinds' security posture after previous high-profile supply chain attacks. The hotfix enhances the platform's security by patching the flaw and preventing unauthorized access. Cybersecurity experts recommend organizations to review their systems for signs of compromise and ensure all software components are up to date. This incident underscores the importance of timely patch management and vigilance against emerging threats in critical infrastructure software. SolarWinds continues to monitor the situation and collaborate with security researchers to safeguard its customers. Users should follow official guidance and verify the integrity of updates to maintain robust defense against cyber threats.

This Cyber News was published on thehackernews.com. Publication date: Tue, 23 Sep 2025 22:14:03 +0000


Cyber News related to SolarWinds Releases Hotfix for Critical Vulnerability in Orion Platform

CVE-2019-6675 - BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the ...
5 years ago
CISOs on alert following SEC charges against SolarWinds - While the outcome of the Security and Exchange Commission's complaint against SolarWinds remains to be seen, infosec experts say the charges are likely to have a major impact on the role of the CISO going forward. In late October, the SEC charged ...
1 year ago Techtarget.com
Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 - COMMENTARY. In December 2020, the SolarWinds attack sent shockwaves around the world. Attackers gained unauthorized access to SolarWinds' software development environment, injected malicious code into Orion platform updates, and created a backdoor ...
1 year ago Darkreading.com
SolarWinds Releases Hotfix for Critical Vulnerability in Orion Platform - SolarWinds has released a critical hotfix addressing a severe vulnerability in its Orion Platform, widely used for IT management and monitoring. This vulnerability could allow attackers to execute arbitrary code remotely, posing significant risks to ...
2 weeks ago Thehackernews.com CVE-2025-12345
SolarWinds Files Motion to Dismiss SEC Lawsuit - In a new filing with the US Southern District Court of New York, SolarWinds argued that the Securities and Exchange Commission was outside of its depth of expertise as well as its scope of authority in charging SolarWinds and its chief information ...
1 year ago Darkreading.com
Echoes of SolarWinds: JetBrains TeamCity servers under attack by Russia-backed hackers - The SolarWinds hackers are infiltrating JetBrains TeamCity servers via a critical vulnerability enabling authorization bypass and arbitrary code execution, government officials warn. Russian Foreign Intelligence Service-backed threat actor CozyBear ...
1 year ago Packetstormsecurity.com CVE-2023-42793
RCE vulnerabilities fixed in SolarWinds enterprise solutions - SolarWinds has released updates for Access Rights Manager and Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. The company whose Orion IT administration platform has been infamously compromised ...
1 year ago Helpnetsecurity.com CVE-2024-23476 CVE-2024-23479 CVE-2024-23477 CVE-2023-40057 CVE-2024-23478 CVE-2023-50395 CVE-2023-35188
SonicWall SMA1000 Vulnerability Let Attackers to Exploit Encoded URLs To Gain Internal Systems Access Remotely - SonicWall has issued a high-priority security advisory (SNWLID-2025-0010) revealing a critical Server-Side Request Forgery (SSRF) vulnerability in its SMA1000 Appliance Work Place interface. Discovered by security researcher Ronan Kervella of ...
4 months ago Cybersecuritynews.com
CVE-2020-10148 - The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a ...
2 years ago
Critical RCE flaws found in SolarWinds access audit solution - Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager product that remote attackers could use to run code with SYSTEM privileges. SolarWinds ARM is a tool that enables organizations to ...
1 year ago Bleepingcomputer.com
CVE-2014-9920 - Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 ...
8 years ago
CVE-2011-5102 - The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web ...
13 years ago
CVE-2017-6910 - The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 ...
4 years ago
CVE-2022-36407 - Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual ...
1 year ago
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds - Joe Sullivan arrived at his sentencing hearing on May 4 this year, prepared to go to jail had the judge not gone with a parole board's recommendation of probation. A federal jury convicted the former Uber CISO months earlier on two charges of fraud ...
1 year ago Darkreading.com
CVE-2023-45162 - Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.  ...
1 year ago
15 Best Bandwidth Monitoring Tools in 2025 - By providing real-time data on network usage, bandwidth monitoring tools enable proactive management and quick resolution of issues that could impact network performance. It provides real-time monitoring of network performance, traffic analysis, and ...
2 months ago Cybersecuritynews.com
Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare - APT29, the notorious Russian advanced persistent threat behind the 2020 SolarWinds hack, is actively exploiting a critical security vulnerability in JetBrains TeamCity that could open the door to rampant software supply chain attacks. According to ...
1 year ago Darkreading.com CVE-2023-42793 Andariel APT29 Lazarus Group
CVE-2011-1102 - Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote ...
8 years ago
CVE-2014-0347 - The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before ...
11 years ago
CVE-2011-1103 - The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information ...
8 years ago
CVE-2023-45159 - 1E Client installer can perform arbitrary file deletion on protected files.   ...
1 year ago
CVE-2011-2733 - EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access ...
7 years ago
SolarWinds releases third patch to fix Web Help Desk RCE bug - SolarWinds has issued its third security patch to address a critical remote code execution (RCE) vulnerability in its Web Help Desk software. This vulnerability, identified as CVE-2023-35078, allows attackers to execute arbitrary code on affected ...
2 weeks ago Bleepingcomputer.com CVE-2023-35078
CVE-2020-5852 - Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM ...
5 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)