Vulnerabilities > Solarwinds

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-35211 Exposure of Resource TO Wrong Sphere vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.3
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability.
network
low complexity
solarwinds CWE-668
critical
10.0
2021-07-13 CVE-2021-31217 Incorrect Default Permissions vulnerability in Solarwinds Dameware Mini Remote Control 12.0.1.200
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
network
low complexity
solarwinds CWE-276
critical
9.4
2021-05-21 CVE-2021-31474 Deserialization of Untrusted Data vulnerability in Solarwinds Network Performance Monitor
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1.
network
low complexity
solarwinds CWE-502
critical
10.0
2021-05-21 CVE-2021-31475 Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion JOB Scheduler 2020.2.1
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2.
network
low complexity
solarwinds CWE-732
critical
9.0
2021-05-11 CVE-2021-32604 Cross-Site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
network
solarwinds CWE-79
4.3
2021-05-05 CVE-2021-25179 Cross-Site Scripting vulnerability in Solarwinds Serv-U File Server
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
network
solarwinds CWE-79
4.3
2021-05-05 CVE-2020-22428 Cross-Site Scripting vulnerability in Solarwinds Serv-U FTP Server and Serv-U MFT Server
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
network
solarwinds CWE-79
3.5
2021-05-04 CVE-2021-3154 Insufficiently Protected Credentials vulnerability in Solarwinds Serv-U 15.1.6/15.2.1
An issue was discovered in SolarWinds Serv-U before 15.2.2.
network
low complexity
solarwinds CWE-522
5.0
2021-04-22 CVE-2021-27277 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2020.2
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2.
local
low complexity
solarwinds CWE-502
7.2
2021-03-29 CVE-2021-27240 Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager 2020.2.1
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1.
local
low complexity
solarwinds CWE-502
7.2