Security Alert (14th December 2020)

Ref# SolarWinds | Date: Dec 15th 2020


On the 14th December 2020, SolarWinds indicated that their systems had experienced a highly sophisticated, manual supply chain attack affecting the SolarWinds Orion Platform.

A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data.[1]


The SolarWinds Orion Platform is a powerful, scalable infrastructure monitoring and management platform designed to simplify IT administration for on-premises, hybrid, and software as a service (SaaS) environment in a single pane of glass. 

The versions affected by this attack are the 2019.4 Hot Fix (HF) 5 and 2020.2 with no hotfix or 2020.2 HF 1 including:

  • Application Centric Monitor (ACM)
  • Database Performance Analyzer Integration Module (DPAIM)
  • Enterprise Operations Console (EOC)
  • High Availability (HA)
  • IP Address Manager (IPAM)
  • Log Analyzer (LA)
  • Network Automation Manager (NAM)
  • Network Configuration Manager (NCM)
  • Network Operations Manager (NOM)
  • Network Performance Monitor (NPM)
  • NetFlow Traffic Analyzer (NTA)
  • Server & Application Monitor (SAM)
  • Server Configuration Monitor (SCM)
  • Storage Resource Monitor (SCM)
  • User Device Tracker (UDT)
  • Virtualization Manager (VMAN)
  • VoIP & Network Quality Manager (VNQM)
  • Web Performance Monitor (WPM)

Solutions and Work arounds

  • Immediately update the Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to the Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment.
  • Immediately update the Orion Platform v2019.4 HF 5 to 2019.4 HF 6.

For more information on this attack, please visit the URL:

The Guyana National CIRT recommends that users and administrators review this alert and the remediation strategies and apply them where necessary.


  •  SolarWinds Security Advisory (14th December 2020). Retrieved from SolarWinds:

  • Security Advisory Regarding SolarWinds Supply Chain Compromise (14th December 2020). Retrieved from Security Boulevard: