Vulnerabilities > Solarwinds > Storage Manager > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-12-20 CVE-2012-2576 SQL Injection vulnerability in Solarwinds Backup Profiler, Storage Manager and Storage Profiler
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.
network
low complexity
solarwinds CWE-89
critical
 10.0
10
2015-10-15 CVE-2015-7838 Improper Input Validation vulnerability in Solarwinds Storage Manager 6.1
ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors.
network
low complexity
solarwinds CWE-20
critical
 10.0
10
2015-07-06 CVE-2015-5371 Remote Code Execution vulnerability in SolarWinds Storage Manager
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.
network
low complexity
solarwinds
critical
 10.0
10