Vulnerabilities > Solarwinds

DATE	CVE	VULNERABILITY TITLE	RISK
2022-12-16	CVE-2021-35252	Improper Authentication vulnerability in Solarwinds Serv-U Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. network low complexity solarwinds CWE-287	7.5
2022-12-16	CVE-2022-38106	Cross-site Scripting vulnerability in Solarwinds Serv-U 15.3.0/15.3.1 This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. network low complexity solarwinds CWE-79	5.4
2022-11-29	CVE-2022-36960	Improper Input Validation vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to Improper Input Validation. network low complexity solarwinds CWE-20	8.8
2022-11-29	CVE-2022-36962	Command Injection vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to Command Injection. network low complexity solarwinds CWE-77	7.2
2022-11-29	CVE-2022-36964	Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. network low complexity solarwinds CWE-502	8.8
2022-11-23	CVE-2021-35246	Cleartext Transmission of Sensitive Information vulnerability in Solarwinds Engineer'S Toolset 2020.2.6 The application fails to prevent users from connecting to it over unencrypted connections. network low complexity solarwinds CWE-319	5.3
2022-11-23	CVE-2022-38113	Information Exposure vulnerability in Solarwinds Security Event Manager 2022.4 This vulnerability discloses build and services versions in the server response header. network low complexity solarwinds CWE-200	5.3
2022-11-23	CVE-2022-38114	HTTP Request Smuggling vulnerability in Solarwinds Security Event Manager This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. network low complexity solarwinds CWE-444	6.1
2022-11-23	CVE-2022-38115	Interpretation Conflict vulnerability in Solarwinds Security Event Manager Insecure method vulnerability in which allowed HTTP methods are disclosed. network low complexity solarwinds CWE-436	5.3
2022-10-20	CVE-2022-36957	Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. network low complexity solarwinds CWE-502	7.2

Vulnerabilities > Solarwinds {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Solarwinds"}]}

Vulnerabilities > Solarwinds