Robert Scammell
3rd February 2021 (Last Updated February 3rd, 2021 12:57)
Ascannio / Shutterstock.com
Share Article
Security researchers have discovered three “severe” security flaws in IT products made by SolarWinds, the company at the centre of a sprawling cyberattack that compromised up to 18,000 customers.
The most critical SolarWinds vulnerability allows remote code execution with high privileges of the company’s Orion platform, used for IT management.
The other two vulnerabilities are exploitable by someone with local access to take control of the SOLARWINDS_ORION database, which could allow an attacker to steal data or add a new user with admin-level privileges. All three vulnerabilities have now been patched.