Vulnerabilities > Solarwinds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-26 | CVE-2021-3109 | Unspecified vulnerability in Solarwinds Orion Platform The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. network solarwinds | 4.9 |
| 2021-02-10 | CVE-2020-27870 | Path Traversal vulnerability in Solarwinds Orion Platform 2020.2.1 This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. | 4.0 |
| 2021-02-03 | CVE-2020-27994 | Path Traversal vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal. | 4.0 |
| 2021-01-06 | CVE-2019-16954 | Injection vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. | 4.9 |
| 2020-12-21 | CVE-2019-16959 | Injection vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | 4.0 |
| 2020-12-16 | CVE-2020-25622 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds N-Central 12.3.0.670 An issue was discovered in SolarWinds N-Central 12.3.0.670. | 6.8 |
| 2020-12-16 | CVE-2020-25620 | Use of Hard-coded Credentials vulnerability in Solarwinds N-Central 12.3.0.670 An issue was discovered in SolarWinds N-Central 12.3.0.670. | 4.6 |
| 2020-10-19 | CVE-2020-15910 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds N-Central SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. | 4.3 |
| 2020-10-19 | CVE-2020-15909 | Session Fixation vulnerability in Solarwinds N-Central SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. | 6.8 |
| 2020-07-07 | CVE-2020-15576 | Information Exposure vulnerability in Solarwinds Serv-U 15.1.6 SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response. | 5.0 |