Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-31 | CVE-2021-35212 | SQL Injection vulnerability in Solarwinds Orion Platform An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. | 9.0 |
| 2021-08-31 | CVE-2021-35213 | Unspecified vulnerability in Solarwinds Orion Platform An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. | 8.8 |
| 2021-08-31 | CVE-2021-35223 | Unspecified vulnerability in Solarwinds Serv-U The Serv-U File Server allows for events such as user login failures to be audited by executing a command. | 6.5 |
| 2021-08-31 | CVE-2021-35239 | Cross-site Scripting vulnerability in Solarwinds Orion Platform A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. | 3.5 |
| 2021-08-31 | CVE-2021-35240 | Cross-site Scripting vulnerability in Solarwinds Orion Platform A security researcher stored XSS via a Help Server setting. | 3.5 |
| 2021-08-31 | CVE-2021-35221 | Unspecified vulnerability in Solarwinds Orion Platform Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | 8.1 |
| 2021-08-31 | CVE-2021-35222 | Cross-site Scripting vulnerability in Solarwinds Orion Platform This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. | 4.3 |
| 2021-08-31 | CVE-2021-35219 | Unspecified vulnerability in Solarwinds Orion Platform ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. | 4.0 |
| 2021-08-31 | CVE-2021-35220 | Command Injection vulnerability in Solarwinds Orion Platform Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | 6.5 |
| 2021-08-26 | CVE-2021-32076 | Authentication Bypass by Spoofing vulnerability in Solarwinds web Help Desk Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. | 5.3 |