Vulnerabilities > Solarwinds > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-01 | CVE-2021-35216 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. | 8.8 |
| 2021-09-01 | CVE-2021-35218 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. | 8.8 |
| 2021-08-31 | CVE-2021-35212 | SQL Injection vulnerability in Solarwinds Orion Platform An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. | 8.8 |
| 2021-08-31 | CVE-2021-35213 | Unspecified vulnerability in Solarwinds Orion Platform 2016.1/2020.2 An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. | 8.8 |
| 2021-08-31 | CVE-2021-35223 | Unspecified vulnerability in Solarwinds Serv-U The Serv-U File Server allows for events such as user login failures to be audited by executing a command. | 8.8 |
| 2021-08-31 | CVE-2021-35221 | Unspecified vulnerability in Solarwinds Orion Platform Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | 8.1 |
| 2021-08-31 | CVE-2021-35220 | Command Injection vulnerability in Solarwinds Orion Platform Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | 7.2 |
| 2021-05-21 | CVE-2021-31475 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion JOB Scheduler 2020.2.1 This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. | 8.8 |
| 2021-05-04 | CVE-2021-3154 | Injection vulnerability in Solarwinds Serv-U An issue was discovered in SolarWinds Serv-U before 15.2.2. | 7.5 |
| 2021-04-22 | CVE-2021-27277 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. | 7.8 |