Vulnerabilities > Solarwinds > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-30 | CVE-2022-36961 | SQL Injection vulnerability in Solarwinds Orion Platform: A vulnerable component of Orion Platform was vulnerable to SQL Injection; an authenticated attacker could leverage this for privilege escalation or remote code execution. | 8.8 |
2022-04-25 | CVE-2021-35250 | Path Traversal vulnerability in Solarwinds Serv-U 15.3: A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. | 7.5 |
2022-03-25 | CVE-2021-35254 | Unspecified vulnerability in Solarwinds Webhelpdesk: SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. | 8.8 |
2021-12-23 | CVE-2021-35243 | Unspecified vulnerability in Solarwinds Web Help Desk: The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. | 7.5 |
2021-12-20 | CVE-2021-35234 | SQL Injection vulnerability in Solarwinds Orion Platform 2016.1/2020.2/2020.2.6: Numerous exposed dangerous functions within Orion Core allow for read-only SQL injection leading to privilege escalation. | 8.8 |
2021-12-20 | CVE-2021-35244 | Unrestricted Upload of File with Dangerous Type vulnerability in Solarwinds Orion Platform: The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. | 7.2 |
2021-12-06 | CVE-2021-35242 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.2: Serv-U server responds with valid CSRFToken when the request contains only Session. | 8.8 |
2021-10-21 | CVE-2021-35227 | Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager: The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. | 7.8 |
2021-09-08 | CVE-2021-35217 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager: Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. | 8.8 |
2021-09-01 | CVE-2021-35215 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2016.1/2020.2: Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. | 8.8 |