Vulnerabilities > Solarwinds > Sftp SCP Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-05 | CVE-2018-16792 | XXE vulnerability in Solarwinds Sftp/Scp Server 20180910 SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. | 6.4 |
| 2018-12-05 | CVE-2018-16791 | Insufficiently Protected Credentials vulnerability in Solarwinds Sftp/Scp Server In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. | 5.0 |