Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-20 | CVE-2022-36958 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 8.8 |
| 2022-10-20 | CVE-2022-36966 | Authorization Bypass Through User-Controlled Key vulnerability in Solarwinds Orion Platform Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | 5.4 |
| 2022-10-20 | CVE-2022-38108 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 7.2 |
| 2022-10-19 | CVE-2022-38107 | Information Exposure Through an Error Message vulnerability in Solarwinds SQL Sentry 2021.18.10 Sensitive information could be displayed when a detailed technical error message is posted. | 5.3 |
| 2022-10-10 | CVE-2021-35226 | Inadequate Encryption Strength vulnerability in Solarwinds Network Configuration Manager An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). | 6.5 |
| 2022-09-30 | CVE-2022-36961 | SQL Injection vulnerability in Solarwinds Orion Platform A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | 8.8 |
| 2022-09-30 | CVE-2022-36965 | Cross-site Scripting vulnerability in Solarwinds Platform 2022.2.0 Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. | 6.1 |
| 2022-05-17 | CVE-2021-35249 | Unspecified vulnerability in Solarwinds Serv-U This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. | 4.3 |
| 2022-04-25 | CVE-2021-35250 | Path Traversal vulnerability in Solarwinds Serv-U 15.3 A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. | 7.5 |
| 2022-04-21 | CVE-2021-35229 | Cross-site Scripting vulnerability in Solarwinds products Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query | 6.1 |