Vulnerabilities > Solarwinds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-07 | CVE-2020-15575 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6 SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194. | 4.3 |
| 2020-07-07 | CVE-2020-15574 | Missing Encryption of Sensitive Data vulnerability in Solarwinds Serv-U 15.1.6 SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. | 5.0 |
| 2020-07-07 | CVE-2020-15573 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6 SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421. | 4.3 |
| 2020-06-07 | CVE-2020-13912 | Improper Privilege Management vulnerability in Solarwinds Advanced Monitoring Agent 10.8.8 SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file. | 6.0 |
| 2020-04-07 | CVE-2020-5734 | Classic Buffer Overflow vulnerability in Solarwinds Dameware 12.1 Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange. | 4.3 |
| 2020-01-26 | CVE-2020-7984 | Cleartext Transmission of Sensitive Information vulnerability in Solarwinds N-Central 12.2 SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. | 5.0 |
| 2020-01-17 | CVE-2019-17127 | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. | 4.3 |
| 2020-01-17 | CVE-2019-17125 | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. | 4.3 |
| 2019-12-16 | CVE-2019-13181 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. | 4.0 |
| 2019-08-14 | CVE-2018-19386 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.457 SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. | 4.3 |