Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-07-21 | CVE-2015-5610 | Information Exposure vulnerability in Solarwinds N-Able N-Central The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation. | 4.0 |
| 2015-07-06 | CVE-2015-5371 | Remote Code Execution vulnerability in SolarWinds Storage Manager The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors. | 10.0 |
| 2015-03-24 | CVE-2015-2284 | Permissions, Privileges, and Access Controls vulnerability in Solarwinds Firewall Security Manager 6.6.5 userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling. | 10.0 |
| 2015-03-10 | CVE-2014-9566 | SQL Injection vulnerability in Solarwinds products Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint. | 7.5 |
| 2015-02-16 | CVE-2015-1501 | Code Injection vulnerability in Solarwinds Server and Application Monitor The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary. | 6.8 |
| 2015-02-16 | CVE-2015-1500 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Solarwinds Server and Application Monitor Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load. | 6.8 |
| 2014-09-04 | CVE-2014-5504 | Credentials Management vulnerability in Solarwinds LOG and Event Manager SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL. | 7.5 |
| 2014-08-07 | CVE-2014-3459 | Buffer Errors vulnerability in Solarwinds Network Configuration Manager 7.2.0/7.2.1/7.2.2 Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. | 6.8 |
| 2014-03-20 | CVE-2013-3249 | Out-Of-Bounds Write vulnerability in Solarwinds Dameware Remote Support Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors. | 9.3 |
| 2012-10-31 | CVE-2012-4939 | Cross-Site Scripting vulnerability in Solarwinds products Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field. | 4.3 |