Vulnerabilities > Solarwinds > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-16 CVE-2020-25622 Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds N-Central 12.3.0.670
An issue was discovered in SolarWinds N-Central 12.3.0.670.
network
low complexity
solarwinds CWE-352
8.8
8.8
2020-12-16 CVE-2020-25621 Missing Authentication for Critical Function vulnerability in Solarwinds N-Central 12.3.0.670
An issue was discovered in SolarWinds N-Central 12.3.0.670.
local
low complexity
solarwinds CWE-306
8.4
8.4
2020-12-16 CVE-2020-25620 Use of Hard-coded Credentials vulnerability in Solarwinds N-Central 12.3.0.670
An issue was discovered in SolarWinds N-Central 12.3.0.670.
local
low complexity
solarwinds CWE-798
7.8
7.8
2020-12-16 CVE-2020-25618 OS Command Injection vulnerability in Solarwinds N-Central 12.3.0.670
An issue was discovered in SolarWinds N-Central 12.3.0.670.
network
low complexity
solarwinds CWE-78
8.8
8.8
2020-12-16 CVE-2020-25617 Path Traversal vulnerability in Solarwinds N-Central 12.3.0.670
An issue was discovered in SolarWinds N-Central 12.3.0.670.
network
low complexity
solarwinds CWE-22
8.8
8.8
2020-10-19 CVE-2020-15909 Session Fixation vulnerability in Solarwinds N-Central
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access.
network
low complexity
solarwinds CWE-384
8.8
8.8
2020-07-07 CVE-2020-15576 Unspecified vulnerability in Solarwinds Serv-U
SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response.
network
low complexity
solarwinds
7.5
7.5
2020-07-07 CVE-2020-15574 Unspecified vulnerability in Solarwinds Serv-U
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.
network
low complexity
solarwinds
7.5
7.5
2020-06-24 CVE-2020-14005 Unspecified vulnerability in Solarwinds products
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event.
network
low complexity
solarwinds
8.8
8.8
2020-06-07 CVE-2020-13912 Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Advanced Monitoring Agent 10.8.8
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.
local
low complexity
solarwinds CWE-732
7.3
7.3