Vulnerabilities > Solarwinds

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-30	CVE-2021-28674	Incorrect Authorization vulnerability in Solarwinds Orion Platform The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. network low complexity solarwinds CWE-863	5.4
2021-07-14	CVE-2021-35211	Out-of-bounds Write vulnerability in Solarwinds Serv-U Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. network low complexity solarwinds CWE-787 critical	10.0
2021-07-13	CVE-2021-31217	Incorrect Default Permissions vulnerability in Solarwinds Dameware Mini Remote Control 12.0.1.200 In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. network low complexity solarwinds CWE-276 critical	9.1
2021-05-21	CVE-2021-31474	Unspecified vulnerability in Solarwinds Network Performance Monitor 2020.2.1/2020.2.4 This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. network low complexity solarwinds critical	9.8
2021-05-21	CVE-2021-31475	Unspecified vulnerability in Solarwinds Orion JOB Scheduler 2020.2.1 This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. network low complexity solarwinds	8.8
2021-05-11	CVE-2021-32604	Cross-site Scripting vulnerability in Solarwinds Serv-U Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS." network low complexity solarwinds CWE-79	5.4
2021-05-05	CVE-2021-25179	Cross-site Scripting vulnerability in Solarwinds Serv-U File Server SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. network low complexity solarwinds CWE-79	6.1
2021-05-05	CVE-2020-22428	Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server and Serv-U MFT Server SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. network low complexity solarwinds CWE-79	4.8
2021-05-04	CVE-2021-3154	Injection vulnerability in Solarwinds Serv-U An issue was discovered in SolarWinds Serv-U before 15.2.2. network low complexity solarwinds CWE-74	7.5
2021-04-22	CVE-2021-27277	Unspecified vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. local low complexity solarwinds	7.8

Vulnerabilities > Solarwinds {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Solarwinds"}]}

Vulnerabilities > Solarwinds