Vulnerabilities > Solarwinds > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-07-13 CVE-2021-31217 Incorrect Default Permissions vulnerability in Solarwinds Dameware Mini Remote Control 12.0.1.200
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
network
low complexity
solarwinds CWE-276
critical
 9.4
9.4
2021-05-21 CVE-2021-31475 Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion JOB Scheduler 2020.2.1
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2.
network
low complexity
solarwinds CWE-732
critical
 9.0
9.0
2021-05-21 CVE-2021-31474 Deserialization of Untrusted Data vulnerability in Solarwinds Network Performance Monitor
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1.
network
low complexity
solarwinds CWE-502
critical
 10.0
10
2021-02-12 CVE-2020-27869 SQL Injection vulnerability in Solarwinds Network Performance Monitor 2020/2020.2
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2.
network
low complexity
solarwinds CWE-89
critical
 9.0
9.0
2021-02-10 CVE-2020-27871 Path Traversal vulnerability in Solarwinds Orion Platform 2020.2.1
This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1.
network
low complexity
solarwinds CWE-22
critical
 9.0
9.0
2021-02-03 CVE-2021-25274 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues.
network
low complexity
solarwinds CWE-502
critical
 10.0
10
2020-12-29 CVE-2020-10148 Improper Authentication vulnerability in Solarwinds Orion Platform 2019.4/2020.2/2020.2.1
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands.
network
low complexity
solarwinds CWE-287
critical
 9.8
9.8
2020-12-16 CVE-2020-25617 Path Traversal vulnerability in Solarwinds N-Central 12.3.0.670
An issue was discovered in SolarWinds N-Central 12.3.0.670.
network
low complexity
solarwinds CWE-22
critical
 9.0
9.0
2020-12-16 CVE-2020-25618 OS Command Injection vulnerability in Solarwinds N-Central 12.3.0.670
An issue was discovered in SolarWinds N-Central 12.3.0.670.
network
low complexity
solarwinds CWE-78
critical
 9.0
9.0
2020-05-07 CVE-2020-12608 Incorrect Default Permissions vulnerability in Solarwinds Managed Service Provider Patch Management Engine
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent.
network
solarwinds CWE-276
critical
 9.3
9.3