SolarWinds releases a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities. The fixes include two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE) The latest round of fixes arrives almost two months after the Texas-based company addressed two severe security vulnerabilities impacting Orion Platform. The latest update also brings a number of security improvements, including fixes for preventing XSS attacks and enabling UAC protection for Orion database manager. Users are recommended to update to the latest release, “Orion Platform 2020.2.5”
Source: https://thehackernews.com/2021/03/solarwinds-orion-vulnerability.html