Vulnerabilities (CVE)

Filtered by vendor Solarwinds Subscribe
Total 249 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-14005 1 Solarwinds 2 Orion Network Performance Monitor, Orion Web Performance Monitor 2023-12-10 9.0 HIGH 8.8 HIGH
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event.
CVE-2020-14007 1 Solarwinds 2 Orion Network Performance Monitor, Orion Web Performance Monitor 2023-12-10 3.5 LOW 5.4 MEDIUM
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.
CVE-2020-15573 1 Solarwinds 1 Serv-u 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.
CVE-2020-13912 1 Solarwinds 1 Advanced Monitoring Agent 2023-12-10 6.0 MEDIUM 7.3 HIGH
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.
CVE-2020-14006 1 Solarwinds 2 Orion Network Performance Monitor, Orion Web Performance Monitor 2023-12-10 3.5 LOW 5.4 MEDIUM
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.
CVE-2020-15543 1 Solarwinds 1 Serv-u Ftp Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path.
CVE-2019-12864 1 Solarwinds 3 Netpath, Network Performance Monitor, Orion Platform 2023-12-10 2.1 LOW 5.5 MEDIUM
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.
CVE-2020-15542 1 Solarwinds 1 Serv-u Ftp Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.
CVE-2020-15576 1 Solarwinds 1 Serv-u 2023-12-10 5.0 MEDIUM 7.5 HIGH
SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response.
CVE-2020-13169 1 Solarwinds 1 Orion Platform 2023-12-10 3.5 LOW 9.0 CRITICAL
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).
CVE-2019-13181 1 Solarwinds 1 Serv-u Ftp Server 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.
CVE-2019-12863 1 Solarwinds 3 Netpath, Network Performance Monitor, Orion Platform 2023-12-10 3.5 LOW 4.8 MEDIUM
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.
CVE-2019-3980 1 Solarwinds 1 Dameware Mini Remote Control 2023-12-10 10.0 HIGH 9.8 CRITICAL
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
CVE-2019-17125 1 Solarwinds 1 Orion Platform 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.
CVE-2019-19829 1 Solarwinds 1 Serv-u Ftp Server 2023-12-10 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.
CVE-2019-13182 1 Solarwinds 1 Serv-u Ftp Server 2023-12-10 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.
CVE-2019-12954 1 Solarwinds 2 Network Performance Monitor Orion Platform 2018 Netpath, Network Performance Monitor Orion Platform 2018 Npm 2023-12-10 3.5 LOW 5.4 MEDIUM
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.
CVE-2019-17127 1 Solarwinds 1 Orion Platform 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.
CVE-2020-7984 1 Solarwinds 1 N-central 2023-12-10 5.0 MEDIUM 7.5 HIGH
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.
CVE-2019-9017 1 Solarwinds 1 Dameware Mini Remote Control 2023-12-10 5.0 MEDIUM 7.5 HIGH
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.