Which of the following best describes how a software vulnerability in SolarWinds was exploited and used in a supply chain cyber attack?

$1.$

The threat actor injected malicious code into the SolarWinds software prior to production $($within the production pipeline$).$

$2.$

The threat actor exploited vulnerabilities in the SolarWinds software already deployed in production.

$3.$

The threat actor exploited human vulnerabilities $($via phishing emails$)$ for users of the SolarWinds software.

$4.$

The threat actor exploited security misconfigurations of the SolarWinds platform deployed by several organizations.