Vulnerabilities > Solarwinds

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-03	CVE-2020-35482	Cross-site Scripting vulnerability in Solarwinds Serv-U SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. network low complexity solarwinds CWE-79	5.4
2021-02-03	CVE-2020-35481	Unspecified vulnerability in Solarwinds Serv-U SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection. network low complexity solarwinds critical	9.8
2021-02-03	CVE-2020-28001	Cross-site Scripting vulnerability in Solarwinds Serv-U SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. network low complexity solarwinds CWE-79	5.4
2021-02-03	CVE-2020-27994	Path Traversal vulnerability in Solarwinds Serv-U SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal. network low complexity solarwinds CWE-22	6.5
2021-01-15	CVE-2019-16961	Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. network low complexity solarwinds CWE-79	5.4
2021-01-06	CVE-2019-16954	Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. network low complexity solarwinds CWE-79	5.4
2021-01-04	CVE-2019-16960	Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field. network low complexity solarwinds CWE-79	5.4
2021-01-04	CVE-2019-16956	Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket. network low complexity solarwinds CWE-79	5.4
2020-12-29	CVE-2020-10148	Improper Authentication vulnerability in Solarwinds Orion Platform 2019.4/2020.2/2020.2.1 The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. network low complexity solarwinds CWE-287 critical	9.8
2020-12-21	CVE-2019-16959	Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. network low complexity solarwinds CWE-1236	6.5

Vulnerabilities > Solarwinds {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Solarwinds"}]}

Vulnerabilities > Solarwinds