Vulnerabilities > Solarwinds

DATE CVE VULNERABILITY TITLE RISK
2021-10-29 CVE-2021-35237 Unspecified vulnerability in Solarwinds Kiwi Syslog Server
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking.
network
solarwinds
4.3
2021-10-27 CVE-2021-35236 Missing Encryption of Sensitive Data vulnerability in Solarwinds Kiwi Syslog Server
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions.
network
low complexity
solarwinds CWE-311
5.0
2021-10-27 CVE-2021-35235 Unspecified vulnerability in Solarwinds Kiwi Syslog Server
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions.
network
low complexity
solarwinds
5.0
2021-10-27 CVE-2021-35233 Unspecified vulnerability in Solarwinds Kiwi Syslog Server
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier.
network
low complexity
solarwinds
5.0
2021-10-25 CVE-2021-35231 Unquoted Search Path or Element vulnerability in Solarwinds Kiwi Syslog Server
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.
local
low complexity
solarwinds CWE-428
4.6
2021-10-22 CVE-2021-35230 Path Traversal vulnerability in Solarwinds Kiwi Cattools 3.6.0(Serviceedition)
As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.
local
low complexity
solarwinds CWE-22
7.2
2021-10-21 CVE-2021-35228 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 2021.3.7388
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack.
network
high complexity
solarwinds CWE-79
2.6
2021-10-21 CVE-2021-35227 Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager
The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.
local
low complexity
solarwinds CWE-502
4.6
2021-10-21 CVE-2021-35225 Improper Privilege Management vulnerability in Solarwinds Network Performance Monitor
Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers.
network
low complexity
solarwinds CWE-269
5.5
2021-10-12 CVE-2021-35214 Insufficient Session Expiration vulnerability in Solarwinds Pingdom
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change.
1.9