Researchers reported three new vulnerabilities in SolarWinds products
The vulnerabilities, which have been already been patched, included a remote code execution flaw in Orion that required only network access. That flaw allows hackers to use an improperly installed Microsoft Messaging Queue to send commands for a server to execute.
Two other vulnerabilities require local access. One flaw in SolarWinds Serv-U FTP allows users to grant themselves read and write access, while a second flaw in Orion stemmed from insecurely stored credentials guarding the SOLARWINDS_ORION database.
SolarWinds, a widely used network management vendor, was the first of a handful of firms leveraged in supply chain attacks
All products within supply chains will have to adapt to the new reality that began after the SolarWinds breaches were discovered. Indeed, new assessments of their products, looking for any signs of suspicious activity, code anomalies, or exploits.