The SolarWinds Orion platform is the network management tool at the heart of the recent espionage attack against several U.S. government agencies, tech companies and other high-profile targets. The by-now infamous company has issued patches for three security vulnerabilities in total. The most severe of these could allow trivial remote code execution with high privileges. These fresh vulnerabilities have not been shown to be used in the spy attack, but admins should nonetheless apply patches as soon as possible, according to Trustwave.
Source: https://threatpost.com/solarwinds-orion-bug-remote-code-execution/163618/