Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2021-35254 | Unspecified vulnerability in Solarwinds Webhelpdesk SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. | 8.8 |
| 2022-03-10 | CVE-2021-35251 | Information Exposure Through an Error Message vulnerability in Solarwinds web Help Desk Sensitive information could be displayed when a detailed technical error message is posted. | 5.3 |
| 2022-01-10 | CVE-2021-35247 | Improper Input Validation vulnerability in Solarwinds Serv-U Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. | 5.3 |
| 2021-12-27 | CVE-2021-35232 | Use of Hard-coded Credentials vulnerability in Solarwinds Webhelpdesk Hard coded credentials discovered in SolarWinds Web Help Desk product. | 6.1 |
| 2021-12-23 | CVE-2021-35243 | Unspecified vulnerability in Solarwinds web Help Desk The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. | 7.5 |
| 2021-12-20 | CVE-2021-35234 | SQL Injection vulnerability in Solarwinds Orion Platform 2016.1/2020.2/2020.2.6 Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. | 8.8 |
| 2021-12-20 | CVE-2021-35244 | Unrestricted Upload of File with Dangerous Type vulnerability in Solarwinds Orion Platform The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. | 7.2 |
| 2021-12-20 | CVE-2021-35248 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion Platform It has been reported that any Orion user, e.g. | 4.3 |
| 2021-12-06 | CVE-2021-35242 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.2 Serv-U server responds with valid CSRFToken when the request contains only Session. | 8.8 |
| 2021-12-06 | CVE-2021-35245 | Unspecified vulnerability in Solarwinds Serv-U When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine. | 6.8 |