Vulnerabilities > Solarwinds > Orion Network Performance Monitor

DATE CVE VULNERABILITY TITLE RISK
2020-06-24 CVE-2020-14007 Cross-site Scripting vulnerability in Solarwinds products
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.
network
low complexity
solarwinds CWE-79
5.4
5.4
2020-06-24 CVE-2020-14006 Cross-site Scripting vulnerability in Solarwinds products
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.
network
low complexity
solarwinds CWE-79
5.4
5.4
2020-06-24 CVE-2020-14005 Unspecified vulnerability in Solarwinds products
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event.
network
low complexity
solarwinds
8.8
8.8
2019-02-18 CVE-2019-8917 Unspecified vulnerability in Solarwinds Orion Network Performance Monitor
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service.
network
low complexity
solarwinds
critical
 9.8
9.8