Vulnerabilities > Solarwinds > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-16 | CVE-2020-25618 | OS Command Injection vulnerability in Solarwinds N-Central 12.3.0.670 An issue was discovered in SolarWinds N-Central 12.3.0.670. | 8.8 |
| 2020-12-16 | CVE-2020-25617 | Path Traversal vulnerability in Solarwinds N-Central 12.3.0.670 An issue was discovered in SolarWinds N-Central 12.3.0.670. | 8.8 |
| 2020-10-19 | CVE-2020-15909 | Session Fixation vulnerability in Solarwinds N-Central SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. | 8.8 |
| 2020-07-07 | CVE-2020-15576 | Unspecified vulnerability in Solarwinds Serv-U SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response. | 7.5 |
| 2020-07-07 | CVE-2020-15574 | Unspecified vulnerability in Solarwinds Serv-U SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. | 7.5 |
| 2020-06-24 | CVE-2020-14005 | Unspecified vulnerability in Solarwinds products Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | 8.8 |
| 2020-06-07 | CVE-2020-13912 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Advanced Monitoring Agent 10.8.8 SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file. | 7.3 |
| 2020-05-07 | CVE-2020-12608 | Incorrect Default Permissions vulnerability in Solarwinds Managed Service Provider Patch Management Engine An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. | 7.8 |
| 2020-04-27 | CVE-2019-20002 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.1 Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | 7.8 |
| 2020-04-07 | CVE-2020-5734 | Classic Buffer Overflow vulnerability in Solarwinds Dameware 12.1 Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange. | 7.5 |