Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-17 | CVE-2019-17127 | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. | 6.1 |
| 2020-01-17 | CVE-2019-17125 | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. | 6.1 |
| 2019-12-18 | CVE-2019-19829 | Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. | 5.4 |
| 2019-12-16 | CVE-2019-13182 | Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. | 5.4 |
| 2019-12-16 | CVE-2019-13181 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. | 6.5 |
| 2019-10-08 | CVE-2019-3980 | Origin Validation Error vulnerability in Solarwinds Dameware Mini Remote Control 12.1.0.89 The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. | 9.8 |
| 2019-08-14 | CVE-2018-19386 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.457 SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. | 6.1 |
| 2019-07-16 | CVE-2018-13442 | SQL Injection vulnerability in Solarwinds Network Performance Monitor SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. | 8.8 |
| 2019-06-17 | CVE-2019-12181 | OS Command Injection vulnerability in Solarwinds Serv-U FTP Server and Serv-U MFT Server A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. | 8.8 |
| 2019-06-07 | CVE-2019-3957 | Out-of-bounds Read vulnerability in Solarwinds Dameware Mini Remote Control Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. | 7.4 |