Vulnerabilities > Solarwinds > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-19 CVE-2023-35184 Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability.
network
low complexity
solarwinds CWE-502
critical
 9.8
9.8
2023-10-19 CVE-2023-35187 Path Traversal vulnerability in Solarwinds Access Rights Manager
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability.
network
low complexity
solarwinds CWE-22
critical
 9.8
9.8
2021-09-01 CVE-2021-35216 Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module.
network
low complexity
solarwinds CWE-502
critical
 9.0
9.0
2021-08-31 CVE-2021-35212 SQL Injection vulnerability in Solarwinds Orion Platform
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team.
network
low complexity
solarwinds CWE-89
critical
 9.0
9.0
2021-07-14 CVE-2021-35211 Out-of-bounds Write vulnerability in Solarwinds Serv-U
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability.
network
low complexity
solarwinds CWE-787
critical
 10.0
10
2021-07-13 CVE-2021-31217 Incorrect Default Permissions vulnerability in Solarwinds Dameware Mini Remote Control 12.0.1.200
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
network
low complexity
solarwinds CWE-276
critical
 9.4
9.4
2021-05-21 CVE-2021-31474 Deserialization of Untrusted Data vulnerability in Solarwinds Network Performance Monitor
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1.
network
low complexity
solarwinds CWE-502
critical
 10.0
10
2021-05-21 CVE-2021-31475 Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion JOB Scheduler 2020.2.1
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2.
network
low complexity
solarwinds CWE-732
critical
 9.0
9.0
2021-02-12 CVE-2020-27869 SQL Injection vulnerability in Solarwinds Network Performance Monitor 2020/2020.2
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2.
network
low complexity
solarwinds CWE-89
critical
 9.0
9.0
2021-02-10 CVE-2020-27871 Path Traversal vulnerability in Solarwinds Orion Platform 2020.2.1
This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1.
network
low complexity
solarwinds CWE-22
critical
 9.0
9.0