Vulnerabilities > Solarwinds > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-31 | CVE-2021-35221 | Unspecified vulnerability in Solarwinds Orion Platform Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | 8.1 |
2021-04-22 | CVE-2021-27277 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. | 7.2 |
2021-04-14 | CVE-2021-27258 | Unspecified vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. | 7.5 |
2021-03-29 | CVE-2021-27240 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager 2020.2.1 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. | 7.2 |
2021-02-03 | CVE-2020-35481 | Unspecified vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection. | 7.5 |
2020-07-05 | CVE-2020-15543 | Improper Input Validation vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. | 7.5 |
2020-07-05 | CVE-2020-15542 | Unspecified vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. | 7.5 |
2020-07-05 | CVE-2020-15541 | Code Injection vulnerability in Solarwinds Serv-U FTP Server SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. | 7.5 |
2020-06-24 | CVE-2020-14005 | Unspecified vulnerability in Solarwinds products Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | 8.8 |
2020-04-27 | CVE-2019-20002 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.1 Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | 7.8 |