Vulnerabilities > Solarwinds > Network Performance Monitor > 12.0.15300.90

DATE CVE VULNERABILITY TITLE RISK
2021-10-21 CVE-2021-35225 Unspecified vulnerability in Solarwinds Network Performance Monitor
Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers.
network
low complexity
solarwinds
6.4
2019-07-16 CVE-2018-13442 SQL Injection vulnerability in Solarwinds Network Performance Monitor
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.
network
low complexity
solarwinds CWE-89
8.8
2017-10-03 CVE-2017-9538 Improper Input Validation vulnerability in Solarwinds Network Performance Monitor 12.0/12.0.1/12.0.15300.90
The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field.
network
low complexity
solarwinds CWE-20
4.9
2017-10-03 CVE-2017-9537 Cross-site Scripting vulnerability in Solarwinds Network Performance Monitor 12.0.15300.90
Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.
network
low complexity
solarwinds CWE-79
4.8