Vulnerabilities > Solarwinds > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-05 | CVE-2020-15543 | Improper Input Validation vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. | 9.8 |
| 2020-07-05 | CVE-2020-15542 | Unspecified vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. | 9.8 |
| 2020-07-05 | CVE-2020-15541 | Unspecified vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. | 9.8 |
| 2019-10-08 | CVE-2019-3980 | Origin Validation Error vulnerability in Solarwinds Dameware Mini Remote Control 12.1.0.89 The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. | 9.8 |
| 2019-03-01 | CVE-2019-9546 | Uncontrolled Search Path Element vulnerability in Solarwinds Orion Platform SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. | 9.8 |
| 2019-02-18 | CVE-2019-8917 | Unspecified vulnerability in Solarwinds Orion Network Performance Monitor SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. | 9.8 |
| 2018-12-05 | CVE-2018-16792 | XXE vulnerability in Solarwinds Sftp/Scp Server 20180910 SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. | 9.1 |
| 2018-12-05 | CVE-2018-16791 | Insufficiently Protected Credentials vulnerability in Solarwinds Sftp/Scp Server 20180910 In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. | 9.8 |
| 2017-12-20 | CVE-2012-2576 | SQL Injection vulnerability in Solarwinds Backup Profiler, Storage Manager and Storage Profiler SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | 9.8 |
| 2017-04-12 | CVE-2017-7722 | Command Injection vulnerability in Solarwinds LOG & Event Manager 6.3.1 In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). | 10.0 |