Vulnerabilities > Solarwinds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-16 | CVE-2022-38106 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.3.0/15.3.1 This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. | 5.4 |
| 2022-11-23 | CVE-2021-35246 | Cleartext Transmission of Sensitive Information vulnerability in Solarwinds Engineer'S Toolset 2020.2.6 The application fails to prevent users from connecting to it over unencrypted connections. | 5.3 |
| 2022-11-23 | CVE-2022-38113 | Information Exposure vulnerability in Solarwinds Security Event Manager 2022.4 This vulnerability discloses build and services versions in the server response header. | 5.3 |
| 2022-11-23 | CVE-2022-38114 | HTTP Request Smuggling vulnerability in Solarwinds Security Event Manager This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. | 6.1 |
| 2022-11-23 | CVE-2022-38115 | Interpretation Conflict vulnerability in Solarwinds Security Event Manager Insecure method vulnerability in which allowed HTTP methods are disclosed. | 5.3 |
| 2022-10-20 | CVE-2022-36966 | Authorization Bypass Through User-Controlled Key vulnerability in Solarwinds Orion Platform Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | 5.4 |
| 2022-10-19 | CVE-2022-38107 | Information Exposure Through an Error Message vulnerability in Solarwinds SQL Sentry 2021.18.10 Sensitive information could be displayed when a detailed technical error message is posted. | 5.3 |
| 2022-10-10 | CVE-2021-35226 | Inadequate Encryption Strength vulnerability in Solarwinds Network Configuration Manager An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). | 6.5 |
| 2022-09-30 | CVE-2022-36965 | Cross-site Scripting vulnerability in Solarwinds Platform 2022.2.0 Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. | 6.1 |
| 2022-05-17 | CVE-2021-35249 | Unspecified vulnerability in Solarwinds Serv-U This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. | 4.3 |