Vulnerabilities > Solarwinds > Orion Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-10 | CVE-2020-27870 | Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1 This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. | 6.5 |
| 2020-05-04 | CVE-2019-12864 | Information Exposure Through an Error Message vulnerability in Solarwinds products SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | 5.5 |
| 2020-02-25 | CVE-2019-12863 | Cross-site Scripting vulnerability in Solarwinds products SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | 4.8 |
| 2020-01-17 | CVE-2019-17127 | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. | 6.1 |
| 2020-01-17 | CVE-2019-17125 | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. | 6.1 |