Vulnerabilities > Solarwinds > Orion Platform
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-31 | CVE-2021-35222 | Cross-site Scripting vulnerability in Solarwinds Orion Platform This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. | 9.6 |
2021-08-31 | CVE-2021-35219 | Unspecified vulnerability in Solarwinds Orion Platform ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. | 4.9 |
2021-08-31 | CVE-2021-35220 | Command Injection vulnerability in Solarwinds Orion Platform Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | 7.2 |
2021-07-30 | CVE-2021-28674 | Incorrect Authorization vulnerability in Solarwinds Orion Platform The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. | 5.4 |
2021-04-22 | CVE-2021-27277 | Unspecified vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. | 7.8 |
2021-04-14 | CVE-2021-27258 | Unspecified vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. | 9.8 |
2021-03-26 | CVE-2021-3109 | Unspecified vulnerability in Solarwinds Orion Platform The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. | 4.8 |
2021-03-26 | CVE-2020-35856 | Cross-site Scripting vulnerability in Solarwinds Orion Platform SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page. | 4.8 |
2021-02-10 | CVE-2020-27871 | Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1 This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. | 7.2 |
2021-02-10 | CVE-2020-27870 | Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1 This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. | 6.5 |