Vulnerabilities > Solarwinds > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-04 | CVE-2021-3154 | Injection vulnerability in Solarwinds Serv-U An issue was discovered in SolarWinds Serv-U before 15.2.2. | 7.5 |
| 2021-04-22 | CVE-2021-27277 | Unspecified vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. | 7.8 |
| 2021-03-29 | CVE-2021-27240 | Unspecified vulnerability in Solarwinds Patch Manager 2020.2.1 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. | 7.8 |
| 2021-02-12 | CVE-2020-27869 | Unspecified vulnerability in Solarwinds Network Performance Monitor 2020/2020.2 This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. | 8.8 |
| 2021-02-10 | CVE-2020-27871 | Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1 This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. | 7.2 |
| 2021-02-03 | CVE-2021-25276 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Serv-U In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. | 7.1 |
| 2021-02-03 | CVE-2021-25275 | Use of Hard-coded Credentials vulnerability in Solarwinds Orion Platform SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. | 7.8 |
| 2020-12-16 | CVE-2020-25622 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds N-Central 12.3.0.670 An issue was discovered in SolarWinds N-Central 12.3.0.670. | 8.8 |
| 2020-12-16 | CVE-2020-25621 | Missing Authentication for Critical Function vulnerability in Solarwinds N-Central 12.3.0.670 An issue was discovered in SolarWinds N-Central 12.3.0.670. | 8.4 |
| 2020-12-16 | CVE-2020-25620 | Use of Hard-coded Credentials vulnerability in Solarwinds N-Central 12.3.0.670 An issue was discovered in SolarWinds N-Central 12.3.0.670. | 7.8 |