Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2021-32604 | Cross-site Scripting vulnerability in Solarwinds Serv-U Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS." | 5.4 |
| 2021-05-05 | CVE-2021-25179 | Cross-site Scripting vulnerability in Solarwinds Serv-U File Server SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. | 6.1 |
| 2021-05-05 | CVE-2020-22428 | Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server and Serv-U MFT Server SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. | 4.8 |
| 2021-05-04 | CVE-2021-3154 | Injection vulnerability in Solarwinds Serv-U An issue was discovered in SolarWinds Serv-U before 15.2.2. | 7.5 |
| 2021-04-22 | CVE-2021-27277 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. | 7.8 |
| 2021-04-14 | CVE-2021-27258 | Unspecified vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. | 9.8 |
| 2021-03-29 | CVE-2021-27240 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager 2020.2.1 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. | 7.8 |
| 2021-03-26 | CVE-2021-3109 | Unspecified vulnerability in Solarwinds Orion Platform 2016.1/2020.2 The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. | 4.8 |
| 2021-03-26 | CVE-2020-35856 | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2016.1/2020.2 SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page. | 4.8 |
| 2021-02-12 | CVE-2020-27869 | SQL Injection vulnerability in Solarwinds Network Performance Monitor 2020/2020.2 This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. | 8.8 |