SolarWinds and some of its top executives have been hit with a class action lawsuit by stockholders in the wake of the cyberattack that infiltrated the supply chain through its Orion management software. ( SolarWinds letters  by sfoskett is licensed under CC BY-NC-SA 2.0)
Researchers at Trustwave reported three new vulnerabilities in SolarWinds products â the latest hurdle for the first company linked to a massive espionage campaign that breached government agencies and private sector firms.
The vulnerabilities, which have been already been patched, included a remote code execution flaw in Orion that required only network access. That flaw allows hackers to use an improperly installed Microsoft Messaging Queue to send commands for a server to execute.
The by-now infamous company has issued patches for three security vulnerabilities in total.
Three serious vulnerabilities have been found in SolarWinds products: Two in the Orion User Device Tracker and one in the Serv-U FTP for Windows product. The most severe of these could allow trivial remote code execution with high privileges.
The SolarWinds Orion platform is the network management tool at the heart of the recent espionage attack against several U.S. government agencies, tech companies and other high-profile targets. It allows users to manage devices, software and firmware versioning, applications and so on, and has full visibility into enterprise customer networks.