Vulnerabilities > Solarwinds

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-08	CVE-2021-35217	Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. network low complexity solarwinds CWE-502	8.8
2021-09-01	CVE-2021-35215	Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2016.1/2020.2 Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. network low complexity solarwinds CWE-502	8.8
2021-09-01	CVE-2021-35216	Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. network low complexity solarwinds CWE-502	8.8
2021-09-01	CVE-2021-35218	Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. network low complexity solarwinds CWE-502	8.8
2021-09-01	CVE-2021-35238	Cross-site Scripting vulnerability in Solarwinds Orion Platform 2016.1/2020.2/2020.2.6 User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. low complexity solarwinds CWE-79	4.8
2021-08-31	CVE-2021-35212	SQL Injection vulnerability in Solarwinds Orion Platform An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. network low complexity solarwinds CWE-89	8.8
2021-08-31	CVE-2021-35213	Unspecified vulnerability in Solarwinds Orion Platform 2016.1/2020.2 An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. network low complexity solarwinds	8.8
2021-08-31	CVE-2021-35223	Unspecified vulnerability in Solarwinds Serv-U The Serv-U File Server allows for events such as user login failures to be audited by executing a command. network low complexity solarwinds	8.8
2021-08-31	CVE-2021-35239	Cross-site Scripting vulnerability in Solarwinds Orion Platform 2016.1/2020.2/2020.2.6 A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. network low complexity solarwinds CWE-79	5.4
2021-08-31	CVE-2021-35240	Cross-site Scripting vulnerability in Solarwinds Orion Platform 2016.1/2020.2 A security researcher stored XSS via a Help Server setting. network low complexity solarwinds CWE-79	4.8

Vulnerabilities > Solarwinds {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Solarwinds"}]}

Vulnerabilities > Solarwinds