Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-22 | CVE-2021-35230 | Path Traversal vulnerability in Solarwinds Kiwi Cattools 3.6.0(Serviceedition) As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. | 7.2 |
| 2021-10-21 | CVE-2021-35225 | Unspecified vulnerability in Solarwinds Network Performance Monitor Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. | 5.5 |
| 2021-10-21 | CVE-2021-35227 | Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. | 4.6 |
| 2021-10-21 | CVE-2021-35228 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 2021.3.7388 This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. | 2.6 |
| 2021-10-12 | CVE-2021-35214 | Insufficient Session Expiration vulnerability in Solarwinds Pingdom The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. | 1.9 |
| 2021-09-08 | CVE-2021-35217 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. | 6.5 |
| 2021-09-01 | CVE-2021-35215 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. | 6.5 |
| 2021-09-01 | CVE-2021-35216 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. | 9.0 |
| 2021-09-01 | CVE-2021-35218 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. | 6.5 |
| 2021-09-01 | CVE-2021-35238 | Cross-site Scripting vulnerability in Solarwinds Orion Platform User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. | 3.5 |