Vulnerabilities > Solarwinds

DATE CVE VULNERABILITY TITLE RISK
2022-05-17 CVE-2021-35249 Incorrect Authorization vulnerability in Solarwinds Serv-U
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to.
network
low complexity
solarwinds CWE-863
4.0
2022-04-25 CVE-2021-35250 Path Traversal vulnerability in Solarwinds Serv-U 15.3
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3.
network
low complexity
solarwinds CWE-22
5.0
2022-04-21 CVE-2021-35229 Cross-site Scripting vulnerability in Solarwinds products
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
network
solarwinds CWE-79
4.3
2022-03-25 CVE-2021-35254 Improper Input Validation vulnerability in Solarwinds Webhelpdesk
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk.
network
low complexity
solarwinds CWE-20
6.5
2022-03-10 CVE-2021-35251 Information Exposure Through an Error Message vulnerability in Solarwinds web Help Desk
Sensitive information could be displayed when a detailed technical error message is posted.
network
low complexity
solarwinds CWE-209
5.0
2022-01-10 CVE-2021-35247 Improper Input Validation vulnerability in Solarwinds Serv-U
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized.
network
low complexity
solarwinds CWE-20
5.0
2021-12-27 CVE-2021-35232 Use of Hard-coded Credentials vulnerability in Solarwinds Webhelpdesk
Hard coded credentials discovered in SolarWinds Web Help Desk product.
local
low complexity
solarwinds CWE-798
3.6
2021-12-23 CVE-2021-35243 Unspecified vulnerability in Solarwinds web Help Desk
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests.
network
low complexity
solarwinds
5.0
2021-12-20 CVE-2021-35234 SQL Injection vulnerability in Solarwinds Orion Platform
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation.
network
low complexity
solarwinds CWE-89
6.5
2021-12-20 CVE-2021-35244 Unrestricted Upload of File with Dangerous Type vulnerability in Solarwinds Orion Platform
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file.
8.5