Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds orion platform vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-35218
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server
Solarwinds Orion Platform
4
CVSSv2
CVE-2021-35219
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
Solarwinds Orion Platform
3.5
CVSSv2
CVE-2020-35856
SolarWinds Orion Platform prior to 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
Solarwinds Orion Platform
3.5
CVSSv2
CVE-2020-13169
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before prior to 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).
Solarwinds Orion Platform
6.5
CVSSv2
CVE-2021-35220
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
Solarwinds Orion Platform
5.5
CVSSv2
CVE-2021-28674
The node management page in SolarWinds Orion Platform prior to 2020.2.5 HF1 allows an malicious user to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing number...
Solarwinds Orion Platform
10
CVSSv2
CVE-2021-25274
The Collector Service in SolarWinds Orion Platform prior to 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process....
Solarwinds Orion Platform
1 Article
NA
CVE-2023-23840
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
Solarwinds Orion Platform
2.1
CVSSv2
CVE-2021-25275
SolarWinds Orion Platform prior to 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can ...
Solarwinds Orion Platform
1 Github repository
4.3
CVSSv2
CVE-2019-17125
A Reflected Client Side Template Injection (CSTI) with Angular exists in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.
Solarwinds Orion Platform 2019.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »