Vulnerabilities > Solarwinds

DATE CVE VULNERABILITY TITLE RISK
2020-02-17 CVE-2019-12954 Cross-site Scripting vulnerability in Solarwinds products
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.
network
solarwinds CWE-79
3.5
2020-01-26 CVE-2020-7984 Cleartext Transmission of Sensitive Information vulnerability in Solarwinds N-Central 12.2
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information.
network
low complexity
solarwinds CWE-319
5.0
2020-01-17 CVE-2019-17127 Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms.
network
solarwinds CWE-79
4.3
2020-01-17 CVE-2019-17125 Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms.
network
solarwinds CWE-79
4.3
2019-12-18 CVE-2019-19829 Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.7
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.
network
solarwinds CWE-79
3.5
2019-12-16 CVE-2019-13182 Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.7
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.
network
solarwinds CWE-79
3.5
2019-12-16 CVE-2019-13181 Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Serv-U FTP Server 15.1.7
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.
network
low complexity
solarwinds CWE-1236
4.0
2019-10-08 CVE-2019-3980 Improper Input Validation vulnerability in Solarwinds Dameware Mini Remote Control 12.1.0.89
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host.
network
low complexity
solarwinds CWE-20
critical
10.0
2019-08-14 CVE-2018-19386 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.457
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
network
solarwinds CWE-79
4.3
2019-07-16 CVE-2018-13442 SQL Injection vulnerability in Solarwinds Network Performance Monitor
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.
network
low complexity
solarwinds CWE-89
6.5