CVE-2020-10148#
Statement on CVE-2020-10148 SolarWinds Orion API Vulnerability#
Januarary 14, 2021
Information#
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
Severity#
Low
Response#
Melissa Data Corporation (“Melissa”) does not utilize any SolarWinds products in any of its Information Technology systems. Additionally, Melissa was not using any SolarWinds products in the timeframe during which SolarWinds products had been affected by the malware and cyberattacks reported in December 2020.
Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.