Vulnerabilities > Solarwinds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-21 | CVE-2021-35229 | Cross-site Scripting vulnerability in Solarwinds products Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query | 6.1 |
| 2022-03-10 | CVE-2021-35251 | Information Exposure Through an Error Message vulnerability in Solarwinds web Help Desk Sensitive information could be displayed when a detailed technical error message is posted. | 5.3 |
| 2022-01-10 | CVE-2021-35247 | Improper Input Validation vulnerability in Solarwinds Serv-U Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. | 5.3 |
| 2021-12-27 | CVE-2021-35232 | Use of Hard-coded Credentials vulnerability in Solarwinds Webhelpdesk Hard coded credentials discovered in SolarWinds Web Help Desk product. | 6.1 |
| 2021-12-20 | CVE-2021-35248 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion Platform It has been reported that any Orion user, e.g. | 4.3 |
| 2021-12-06 | CVE-2021-35245 | Unspecified vulnerability in Solarwinds Serv-U When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine. | 6.8 |
| 2021-10-29 | CVE-2021-35237 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Solarwinds Kiwi Syslog Server A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. | 4.3 |
| 2021-10-27 | CVE-2021-35233 | Unspecified vulnerability in Solarwinds Kiwi Syslog Server The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. | 5.3 |
| 2021-10-27 | CVE-2021-35235 | Unspecified vulnerability in Solarwinds Kiwi Syslog Server The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. | 5.3 |
| 2021-10-27 | CVE-2021-35236 | Missing Encryption of Sensitive Data vulnerability in Solarwinds Kiwi Syslog Server The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. | 5.3 |