Vulnerabilities > Solarwinds > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-08 | CVE-2019-3980 | Improper Input Validation vulnerability in Solarwinds Dameware Mini Remote Control 12.1.0.89 The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. | 10.0 |
| 2019-03-21 | CVE-2018-15906 | Unspecified vulnerability in Solarwinds Serv-U FTP Server 15.1.6 SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file. | 9.0 |
| 2019-02-18 | CVE-2019-8917 | Unspecified vulnerability in Solarwinds Orion Network Performance Monitor SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. | 10.0 |
| 2017-12-20 | CVE-2012-2576 | SQL Injection vulnerability in Solarwinds Backup Profiler, Storage Manager and Storage Profiler SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | 10.0 |
| 2017-04-12 | CVE-2017-7722 | Command Injection vulnerability in Solarwinds LOG & Event Manager 6.3.1 In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). | 10.0 |
| 2016-06-17 | CVE-2016-3642 | Remote Code Execution vulnerability in Solarwinds Virtualization Manager The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 10.0 |
| 2016-05-09 | CVE-2016-4350 | SQL Injection vulnerability in Solarwinds Storage Resource Monitor Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet. | 10.0 |
| 2015-10-15 | CVE-2015-7838 | Improper Input Validation vulnerability in Solarwinds Storage Manager 6.1 ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors. | 10.0 |
| 2015-07-06 | CVE-2015-5371 | Remote Code Execution vulnerability in SolarWinds Storage Manager The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors. | 10.0 |
| 2015-03-24 | CVE-2015-2284 | Permissions, Privileges, and Access Controls vulnerability in Solarwinds Firewall Security Manager 6.6.5 userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling. | 10.0 |