Vulnerabilities > Solarwinds > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-08 | CVE-2021-35217 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. | 8.8 |
| 2021-09-01 | CVE-2021-35215 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. | 8.8 |
| 2021-09-01 | CVE-2021-35216 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. | 8.8 |
| 2021-09-01 | CVE-2021-35218 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. | 8.8 |
| 2021-08-31 | CVE-2021-35212 | SQL Injection vulnerability in Solarwinds Orion Platform An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. | 8.8 |
| 2021-08-31 | CVE-2021-35213 | Unspecified vulnerability in Solarwinds Orion Platform An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. | 8.8 |
| 2021-08-31 | CVE-2021-35223 | Unspecified vulnerability in Solarwinds Serv-U The Serv-U File Server allows for events such as user login failures to be audited by executing a command. | 8.8 |
| 2021-08-31 | CVE-2021-35221 | Unspecified vulnerability in Solarwinds Orion Platform Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | 8.1 |
| 2021-08-31 | CVE-2021-35220 | Command Injection vulnerability in Solarwinds Orion Platform Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | 7.2 |
| 2021-05-21 | CVE-2021-31475 | Unspecified vulnerability in Solarwinds Orion JOB Scheduler 2020.2.1 This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. | 8.8 |