Vulnerabilities > Solarwinds

DATE CVE VULNERABILITY TITLE RISK
2021-04-14 CVE-2021-27258 Unspecified vulnerability in Solarwinds Orion Platform 2020.2
This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2.
network
low complexity
solarwinds
7.5
2021-03-29 CVE-2021-27240 Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager 2020.2.1
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1.
local
low complexity
solarwinds CWE-502
7.2
2021-03-26 CVE-2021-3109 Unspecified vulnerability in Solarwinds Orion Platform
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
network
solarwinds
4.9
2021-03-26 CVE-2020-35856 Cross-site Scripting vulnerability in Solarwinds Orion Platform
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
network
solarwinds CWE-79
3.5
2021-02-12 CVE-2020-27869 SQL Injection vulnerability in Solarwinds Network Performance Monitor 2020/2020.2
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2.
network
low complexity
solarwinds CWE-89
critical
9.0
2021-02-10 CVE-2020-27871 Path Traversal vulnerability in Solarwinds Orion Platform 2020.2.1
This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1.
network
low complexity
solarwinds CWE-22
critical
9.0
2021-02-10 CVE-2020-27870 Path Traversal vulnerability in Solarwinds Orion Platform 2020.2.1
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1.
network
low complexity
solarwinds CWE-22
4.0
2021-02-03 CVE-2021-25276 Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.2
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable.
local
low complexity
solarwinds CWE-732
3.6
2021-02-03 CVE-2021-25275 Use of Hard-coded Credentials vulnerability in Solarwinds Orion Platform
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users.
local
low complexity
solarwinds CWE-798
2.1
2021-02-03 CVE-2021-25274 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues.
network
low complexity
solarwinds CWE-502
critical
10.0