Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-10 | CVE-2020-27871 | Path Traversal vulnerability in Solarwinds Orion Platform 2020.2.1 This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. | 7.2 |
| 2021-02-10 | CVE-2020-27870 | Path Traversal vulnerability in Solarwinds Orion Platform 2020.2.1 This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. | 6.5 |
| 2021-02-03 | CVE-2021-25276 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Serv-U In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. | 7.1 |
| 2021-02-03 | CVE-2021-25275 | Use of Hard-coded Credentials vulnerability in Solarwinds Orion Platform SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. | 7.8 |
| 2021-02-03 | CVE-2021-25274 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. | 9.8 |
| 2021-02-03 | CVE-2020-35482 | Cross-site Scripting vulnerability in Solarwinds Serv-U SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. | 5.4 |
| 2021-02-03 | CVE-2020-35481 | Unspecified vulnerability in Solarwinds Serv-U SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection. | 9.8 |
| 2021-02-03 | CVE-2020-28001 | Cross-site Scripting vulnerability in Solarwinds Serv-U SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. | 5.4 |
| 2021-02-03 | CVE-2020-27994 | Path Traversal vulnerability in Solarwinds Serv-U SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal. | 6.5 |
| 2021-01-15 | CVE-2019-16961 | Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. | 5.4 |