Vulnerabilities > Solarwinds > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-02-03 | CVE-2021-25274 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform | The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. | network, low complexity, solarwinds CWE-502, critical, 10.0 |
| 2020-12-29 | CVE-2020-10148 | Improper Authentication vulnerability in Solarwinds Orion Platform 2019.4/2020.2/2020.2.1 | The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. | network, low complexity, solarwinds CWE-287, critical, 9.8 |
| 2020-12-16 | CVE-2020-25618 | OS Command Injection vulnerability in Solarwinds N-Central 12.3.0.670 | An issue was discovered in SolarWinds N-Central 12.3.0.670. | network, low complexity, solarwinds CWE-78, critical, 9.0 |
| 2020-12-16 | CVE-2020-25617 | Path Traversal vulnerability in Solarwinds N-Central 12.3.0.670 | An issue was discovered in SolarWinds N-Central 12.3.0.670. | network, low complexity, solarwinds CWE-22, critical, 9.0 |
| 2020-05-07 | CVE-2020-12608 | Incorrect Default Permissions vulnerability in Solarwinds Managed Service Provider Patch Management Engine | An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. | network, solarwinds CWE-276, critical, 9.3 |
| 2019-10-08 | CVE-2019-3980 | Improper Input Validation vulnerability in Solarwinds Dameware Mini Remote Control 12.1.0.89 | The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. | network, low complexity, solarwinds CWE-20, critical, 10.0 |
| 2019-03-21 | CVE-2018-15906 | Unspecified vulnerability in Solarwinds Serv-U FTP Server 15.1.6 | SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file. | network, low complexity, solarwinds, critical, 9.0 |
| 2019-02-18 | CVE-2019-8917 | Unspecified vulnerability in Solarwinds Orion Network Performance Monitor | SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. | network, low complexity, solarwinds, critical, 10.0 |
| 2017-12-20 | CVE-2012-2576 | SQL Injection vulnerability in Solarwinds Backup Profiler, Storage Manager and Storage Profiler | SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | network, low complexity, solarwinds CWE-89, critical, 10.0 |
| 2017-04-12 | CVE-2017-7722 | Command Injection vulnerability in Solarwinds LOG & Event Manager 6.3.1 | In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). | network, low complexity, solarwinds CWE-77, critical, 10.0 |