CVE-2020-10148

Statement on CVE-2020-10148 SolarWinds Orion API Vulnerability

Januarary 14, 2021

Information

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Severity

Low

Response

Melissa Data Corporation (“Melissa”) does not utilize any SolarWinds products in any of its Information Technology systems. Additionally, Melissa was not using any SolarWinds products in the timeframe during which SolarWinds products had been affected by the malware and cyberattacks reported in December 2020.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.

If you have any additional questions, please contact Melissa’s Compliance department at Compliance@melissa.com.