Vulnerabilities > Solarwinds > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-19 CVE-2023-35187 Unspecified vulnerability in Solarwinds Access Rights Manager
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability.
network
low complexity
solarwinds
critical
 9.8
9.8
2021-08-31 CVE-2021-35222 Cross-site Scripting vulnerability in Solarwinds Orion Platform
This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
network
low complexity
solarwinds CWE-79
critical
 9.6
9.6
2021-07-14 CVE-2021-35211 Out-of-bounds Write vulnerability in Solarwinds Serv-U
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability.
network
low complexity
solarwinds CWE-787
critical
 10.0
10
2021-07-13 CVE-2021-31217 Incorrect Default Permissions vulnerability in Solarwinds Dameware Mini Remote Control 12.0.1.200
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
network
low complexity
solarwinds CWE-276
critical
 9.1
9.1
2021-05-21 CVE-2021-31474 Unspecified vulnerability in Solarwinds Network Performance Monitor 2020.2.1/2020.2.4
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1.
network
low complexity
solarwinds
critical
 9.8
9.8
2021-04-14 CVE-2021-27258 Unspecified vulnerability in Solarwinds Orion Platform 2020.2
This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2.
network
low complexity
solarwinds
critical
 9.8
9.8
2021-02-03 CVE-2021-25274 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues.
network
low complexity
solarwinds CWE-502
critical
 9.8
9.8
2021-02-03 CVE-2020-35481 Unspecified vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.
network
low complexity
solarwinds
critical
 9.8
9.8
2020-12-29 CVE-2020-10148 Improper Authentication vulnerability in Solarwinds Orion Platform 2019.4/2020.2/2020.2.1
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands.
network
low complexity
solarwinds CWE-287
critical
 9.8
9.8
2020-09-17 CVE-2020-13169 Cross-site Scripting vulnerability in Solarwinds Orion Platform
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages.
network
low complexity
solarwinds CWE-79
critical
 9.0
9.0