Vulnerabilities > Solarwinds

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-07	CVE-2020-15574	Unspecified vulnerability in Solarwinds Serv-U SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. network low complexity solarwinds	7.5
2020-07-07	CVE-2020-15573	Cross-site Scripting vulnerability in Solarwinds Serv-U SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421. network low complexity solarwinds CWE-79	6.1
2020-07-05	CVE-2020-15543	Improper Input Validation vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. network low complexity solarwinds CWE-20 critical	9.8
2020-07-05	CVE-2020-15542	Unspecified vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. network low complexity solarwinds critical	9.8
2020-07-05	CVE-2020-15541	Unspecified vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. network low complexity solarwinds critical	9.8
2020-06-24	CVE-2020-14007	Cross-site Scripting vulnerability in Solarwinds products Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. network low complexity solarwinds CWE-79	5.4
2020-06-24	CVE-2020-14006	Cross-site Scripting vulnerability in Solarwinds products Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. network low complexity solarwinds CWE-79	5.4
2020-06-24	CVE-2020-14005	Unspecified vulnerability in Solarwinds products Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. network low complexity solarwinds	8.8
2020-06-07	CVE-2020-13912	Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Advanced Monitoring Agent 10.8.8 SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file. local low complexity solarwinds CWE-732	7.3
2020-05-07	CVE-2020-12608	Incorrect Default Permissions vulnerability in Solarwinds Managed Service Provider Patch Management Engine An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. local low complexity solarwinds CWE-276	7.8

Vulnerabilities > Solarwinds {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Solarwinds"}]}

Vulnerabilities > Solarwinds