High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-31	CVE-2021-35221	Unspecified vulnerability in Solarwinds Orion Platform Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. network low complexity solarwinds	8.1
2021-04-22	CVE-2021-27277	Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. local low complexity solarwinds CWE-502	7.2
2021-04-14	CVE-2021-27258	Unspecified vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. network low complexity solarwinds	7.5
2021-03-29	CVE-2021-27240	Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager 2020.2.1 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. local low complexity solarwinds CWE-502	7.2
2021-02-03	CVE-2020-35481	Unspecified vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection. network low complexity solarwinds	7.5
2020-07-05	CVE-2020-15543	Improper Input Validation vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. network low complexity solarwinds CWE-20	7.5
2020-07-05	CVE-2020-15542	Unspecified vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. network low complexity solarwinds	7.5
2020-07-05	CVE-2020-15541	Code Injection vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. network low complexity solarwinds CWE-94	7.5
2020-06-24	CVE-2020-14005	Unspecified vulnerability in Solarwinds products Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. network low complexity solarwinds	8.8
2020-04-27	CVE-2019-20002	Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.1 Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. local low complexity solarwinds CWE-1236	7.8