Improper Authentication

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

CVE-2020-10148

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2509-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
December 29, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : tzdata
Version        : 2020e-0+deb9u1

This update includes the changes in tzdata 2020e. Notable
changes are:

- - Volgograd switched to Moscow time on 2020-12-27 at 02:00.

For Debian 9 stretch, this problem has been fixed in version
2020e-0+deb9u1.

We recommend that you upgrade your tzdata packages.

For the detailed security status of tzdata please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tzdata

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


<hr />
Debian LTS Advisory DLA-2509-1 <a href="mailto:debian-lts@lists.debian.org">debian-lts@lists.debian.org</a>
<a href="https://www.debian.org/lts/security/">https://www.debian.org/lts/security/</a> Emilio Pozuelo Monfort
December 29, 2020 <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a>
<hr />
Package : tzdata
Version : 2020e-0+deb9u1
This update includes the changes in tzdata 2020e. Notable
changes are:
<ul>
<li><ul>
<li>Volgograd switched to Moscow time on 2020-12-27 at 02:00.</li>
</ul>
</li>
</ul>
For Debian 9 stretch, this problem has been fixed in version
2020e-0+deb9u1.
We recommend that you upgrade your tzdata packages.
For the detailed security status of tzdata please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/tzdata">https://security-tracker.debian.org/tracker/tzdata</a>
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a>

Debian

[SECURITY] [DLA 2509-1] tzdata new upstream version

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2510-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
December 29, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libdatetime-timezone-perl
Version        : 1:2.09-1+2020e

This update includes the changes in tzdata 2020e for the
Perl bindings. For the list of changes, see DLA-2510-1.

For Debian 9 stretch, this problem has been fixed in version
1:2.09-1+2020e.

We recommend that you upgrade your libdatetime-timezone-perl packages.

For the detailed security status of libdatetime-timezone-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libdatetime-timezone-perl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


<hr />
Debian LTS Advisory DLA-2510-1 <a href="mailto:debian-lts@lists.debian.org">debian-lts@lists.debian.org</a>
<a href="https://www.debian.org/lts/security/">https://www.debian.org/lts/security/</a> Emilio Pozuelo Monfort
December 29, 2020 <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a>
<hr />
Package : libdatetime-timezone-perl
Version : 1:2.09-1+2020e
This update includes the changes in tzdata 2020e for the
Perl bindings. For the list of changes, see DLA-2510-1.
For Debian 9 stretch, this problem has been fixed in version
1:2.09-1+2020e.
We recommend that you upgrade your libdatetime-timezone-perl packages.
For the detailed security status of libdatetime-timezone-perl please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/libdatetime-timezone-perl">https://security-tracker.debian.org/tracker/libdatetime-timezone-perl</a>
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a>

[SECURITY] [DLA 2510-1] libdatetime-timezone-perl new upstream release

Orion Platform versions 2019.4 HF6 and 2020.2.1 HF2 were designed to protect you from both SUNBURST and SUPERNOVA. If you are using one of those versions, we do not recommend that you take any actions at this time.

 

If you’re unable to upgrade at this time, we have provided a script that customers can install to temporarily protect their environment against the SUPERNOVA malware. The script is available at https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip.

We recommend that all active maintenance customers of Orion Platform products, except those customers already on Orion Platform versions 2019.4 HF 6 or 2020.2.1 HF 2, apply the latest updates related to the version of the product they have deployed, as soon as possible. These updates contain security enhancements including those designed to protect you from SUNBURST and SUPERNOVA. NOTE: If you reinstall, you need to re-apply the patch or hotfix.

 

The latest updates designed to protect against SUNBURST and SUPERNOVA are as follows:

2019.4 HF 6 (released December 14, 2020)
2020.2.1 HF 2 (released December 15, 2020)
2019.2 SUPERNOVA Patch (released December 23, 2020)
2018.4 SUPERNOVA Patch (released December 23, 2020)
2018.2 SUPERNOVA Patch (released December 23, 2020)
 

Orion Platform versions 2019.4 HF6 and 2020.2.1 HF2 were designed to protect you from both SUNBURST and SUPERNOVA. If you are using one of those versions, we do not recommend that you take any actions at this time.
If you’re unable to upgrade at this time, we have provided a script that customers can install to temporarily protect their environment against the SUPERNOVA malware. The script is available at <a href="https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip">https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip</a>.
We recommend that all active maintenance customers of Orion Platform products, except those customers already on Orion Platform versions 2019.4 HF 6 or 2020.2.1 HF 2, apply the latest updates related to the version of the product they have deployed, as soon as possible. These updates contain security enhancements including those designed to protect you from SUNBURST and SUPERNOVA. NOTE: If you reinstall, you need to re-apply the patch or hotfix.
The latest updates designed to protect against SUNBURST and SUPERNOVA are as follows:
2019.4 HF 6 (released December 14, 2020)
2020.2.1 HF 2 (released December 15, 2020)
2019.2 SUPERNOVA Patch (released December 23, 2020)
2018.4 SUPERNOVA Patch (released December 23, 2020)
2018.2 SUPERNOVA Patch (released December 23, 2020)

SolarWinds

SolarWinds Security Advisory

Featured CVEs

Feed of the featured CVEs from Vulcan Remedy Cloud.

Vulcan Remedy Cloud - Featured CVEs

Thank you for downloading from Remedy Cloud!

Please fill out the form to download the CSV

Your Script is On It's Way!

Tell us where to send the script

Your Email Was Successfully Sent!

Email

Your Name

Your fix has been sent successfully!

Suggest a Fix

Search for a CVE below to see all the available fixes

Remedy Cloud

Loading - Vulcan Remedy Cloud

The page you are looking for was moved, removed, renamed or might never existed.

CVE-2020-10148

3 fixes found:

Version Update

[SECURITY] [DLA 2509-1] tzdata new upstream version

Version Update

[SECURITY] [DLA 2510-1] libdatetime-timezone-perl new upstream release

Version Update

SolarWinds Security Advisory