Vulnerabilities > Solarwinds > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-30 CVE-2021-28674 Incorrect Authorization vulnerability in Solarwinds Orion Platform
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions.
network
low complexity
solarwinds CWE-863
5.4
5.4
2021-05-11 CVE-2021-32604 Cross-site Scripting vulnerability in Solarwinds Serv-U
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-05-05 CVE-2021-25179 Cross-site Scripting vulnerability in Solarwinds Serv-U File Server
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
network
low complexity
solarwinds CWE-79
6.1
6.1
2021-05-05 CVE-2020-22428 Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server and Serv-U MFT Server
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
network
low complexity
solarwinds CWE-79
4.8
4.8
2021-03-26 CVE-2021-3109 Unspecified vulnerability in Solarwinds Orion Platform
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
network
low complexity
solarwinds
4.8
4.8
2021-03-26 CVE-2020-35856 Cross-site Scripting vulnerability in Solarwinds Orion Platform
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
network
low complexity
solarwinds CWE-79
4.8
4.8
2021-02-10 CVE-2020-27870 Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1.
network
low complexity
solarwinds
6.5
6.5
2021-02-03 CVE-2020-35482 Cross-site Scripting vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-02-03 CVE-2020-28001 Cross-site Scripting vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-02-03 CVE-2020-27994 Path Traversal vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
network
low complexity
solarwinds CWE-22
6.5
6.5