Vulnerabilities > Solarwinds > Orion Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-03 | CVE-2021-25275 | Use of Hard-coded Credentials vulnerability in Solarwinds Orion Platform SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. | 2.1 |
| 2021-02-03 | CVE-2021-25274 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. | 10.0 |
| 2020-12-29 | CVE-2020-10148 | Improper Authentication vulnerability in Solarwinds Orion Platform 2019.4/2020.2/2020.2.1 The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. | 9.8 |
| 2020-09-17 | CVE-2020-13169 | Cross-site Scripting vulnerability in Solarwinds Orion Platform Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. | 3.5 |
| 2020-05-04 | CVE-2019-12864 | Information Exposure vulnerability in Solarwinds products SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | 2.1 |
| 2020-02-25 | CVE-2019-12863 | Cross-site Scripting vulnerability in Solarwinds products SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | 3.5 |
| 2020-01-17 | CVE-2019-17127 | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. | 4.3 |
| 2020-01-17 | CVE-2019-17125 | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. | 4.3 |
| 2019-03-01 | CVE-2019-9546 | Uncontrolled Search Path Element vulnerability in Solarwinds Orion Platform SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. | 7.5 |