Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-04 | CVE-2019-12864 | Information Exposure Through an Error Message vulnerability in Solarwinds products SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | 5.5 |
| 2020-04-27 | CVE-2019-20002 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.1 Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | 7.8 |
| 2020-04-07 | CVE-2020-5734 | Classic Buffer Overflow vulnerability in Solarwinds Dameware 12.1 Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange. | 7.5 |
| 2020-03-18 | CVE-2019-12769 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds Serv-U Managed File Transfer 15.1.5/15.1.6 SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters. | 8.8 |
| 2020-02-25 | CVE-2019-12863 | Cross-site Scripting vulnerability in Solarwinds products SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | 4.8 |
| 2020-02-17 | CVE-2019-12954 | Cross-site Scripting vulnerability in Solarwinds products SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. | 5.4 |
| 2020-01-26 | CVE-2020-7984 | Cleartext Transmission of Sensitive Information vulnerability in Solarwinds N-Central 12.2 SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. | 7.5 |
| 2020-01-17 | CVE-2019-17127 | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. | 6.1 |
| 2020-01-17 | CVE-2019-17125 | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. | 6.1 |
| 2019-12-18 | CVE-2019-19829 | Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. | 5.4 |