Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-31 | CVE-2021-35221 | Unspecified vulnerability in Solarwinds Orion Platform Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | 8.1 |
| 2021-08-31 | CVE-2021-35222 | Cross-site Scripting vulnerability in Solarwinds Orion Platform This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. | 9.6 |
| 2021-08-31 | CVE-2021-35219 | Unspecified vulnerability in Solarwinds Orion Platform ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. | 4.9 |
| 2021-08-31 | CVE-2021-35220 | Command Injection vulnerability in Solarwinds Orion Platform Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | 7.2 |
| 2021-08-26 | CVE-2021-32076 | Authentication Bypass by Spoofing vulnerability in Solarwinds web Help Desk Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. | 5.3 |
| 2021-07-30 | CVE-2021-28674 | Incorrect Authorization vulnerability in Solarwinds Orion Platform The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. | 5.4 |
| 2021-07-14 | CVE-2021-35211 | Out-of-bounds Write vulnerability in Solarwinds Serv-U Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. | 10.0 |
| 2021-07-13 | CVE-2021-31217 | Incorrect Default Permissions vulnerability in Solarwinds Dameware Mini Remote Control 12.0.1.200 In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. | 9.1 |
| 2021-05-21 | CVE-2021-31474 | Unspecified vulnerability in Solarwinds Network Performance Monitor 2020.2.1/2020.2.4 This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. | 9.8 |
| 2021-05-21 | CVE-2021-31475 | Unspecified vulnerability in Solarwinds Orion JOB Scheduler 2020.2.1 This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. | 8.8 |