Vulnerabilities > Solarwinds > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-16 | CVE-2018-13442 | SQL Injection vulnerability in SolarWinds Network Performance Monitor: SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. | 6.5 |
2019-06-07 | CVE-2019-3957 | Out-of-bounds Read vulnerability in SolarWinds Dameware Mini Remote Control: Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. | 5.8 |
2018-12-05 | CVE-2018-16792 | XXE vulnerability in SolarWinds SFTP/SCP Server 20180910: SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. | 6.4 |
2018-12-05 | CVE-2018-16791 | Insufficiently Protected Credentials vulnerability in SolarWinds SFTP/SCP Server: In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. | 5.0 |
2018-09-07 | CVE-2018-12897 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SolarWinds Dameware Mini Remote Control: SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow. | 4.6 |
2018-05-16 | CVE-2018-10241 | NULL Pointer Dereference vulnerability in SolarWinds Serv-U 15.1.6: A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring. | 4.0 |
2018-05-16 | CVE-2018-10240 | Insufficient Entropy vulnerability in SolarWinds Serv-U 15.1.6: SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. | 5.0 |
2017-10-03 | CVE-2017-9538 | Improper Input Validation vulnerability in SolarWinds Network Performance Monitor 12.0/12.0.1/12.0.15300.90: The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. | 4.0 |
2017-04-10 | CVE-2017-7647 | Unspecified vulnerability in SolarWinds Log & Event Manager: SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. | 6.5 |
2017-04-10 | CVE-2017-7646 | Information Exposure vulnerability in SolarWinds Log & Event Manager: SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | 4.0 |