Vulnerabilities > Solarwinds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-19 | CVE-2022-38107 | Information Exposure Through an Error Message vulnerability in Solarwinds SQL Sentry 2021.18.10 Sensitive information could be displayed when a detailed technical error message is posted. | 5.3 |
| 2022-10-10 | CVE-2021-35226 | Inadequate Encryption Strength vulnerability in Solarwinds Network Configuration Manager An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). | 6.5 |
| 2022-09-30 | CVE-2022-36965 | Cross-site Scripting vulnerability in Solarwinds Platform 2022.2.0 Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. | 6.1 |
| 2022-05-17 | CVE-2021-35249 | Unspecified vulnerability in Solarwinds Serv-U This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. | 4.3 |
| 2022-04-21 | CVE-2021-35229 | Cross-site Scripting vulnerability in Solarwinds products Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query | 4.3 |
| 2022-03-10 | CVE-2021-35251 | Information Exposure Through an Error Message vulnerability in Solarwinds web Help Desk Sensitive information could be displayed when a detailed technical error message is posted. | 5.0 |
| 2022-01-10 | CVE-2021-35247 | Improper Input Validation vulnerability in Solarwinds Serv-U Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. | 5.0 |
| 2021-12-27 | CVE-2021-35232 | Use of Hard-coded Credentials vulnerability in Solarwinds Webhelpdesk Hard coded credentials discovered in SolarWinds Web Help Desk product. | 6.1 |
| 2021-12-23 | CVE-2021-35243 | Unspecified vulnerability in Solarwinds web Help Desk The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. | 5.0 |
| 2021-12-20 | CVE-2021-35248 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion Platform It has been reported that any Orion user, e.g. | 4.3 |