Vulnerabilities > Solarwinds > Orion Platform

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-35222 Cross-site Scripting vulnerability in Solarwinds Orion Platform
This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
network
low complexity
solarwinds CWE-79
critical
9.6
2021-08-31 CVE-2021-35219 Unspecified vulnerability in Solarwinds Orion Platform
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
network
low complexity
solarwinds
4.9
2021-08-31 CVE-2021-35220 Command Injection vulnerability in Solarwinds Orion Platform
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
network
low complexity
solarwinds CWE-77
7.2
2021-07-30 CVE-2021-28674 Incorrect Authorization vulnerability in Solarwinds Orion Platform
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions.
network
low complexity
solarwinds CWE-863
5.4
2021-04-22 CVE-2021-27277 Unspecified vulnerability in Solarwinds Orion Platform 2020.2
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2.
local
low complexity
solarwinds
7.8
2021-04-14 CVE-2021-27258 Unspecified vulnerability in Solarwinds Orion Platform 2020.2
This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2.
network
low complexity
solarwinds
critical
9.8
2021-03-26 CVE-2021-3109 Unspecified vulnerability in Solarwinds Orion Platform
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
network
low complexity
solarwinds
4.8
2021-03-26 CVE-2020-35856 Cross-site Scripting vulnerability in Solarwinds Orion Platform
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
network
low complexity
solarwinds CWE-79
4.8
2021-02-10 CVE-2020-27871 Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1
This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1.
network
low complexity
solarwinds
7.2
2021-02-10 CVE-2020-27870 Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1.
network
low complexity
solarwinds
6.5