Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds orion platform vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-35220
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
Solarwinds Orion Platform
5.5
CVSSv2
CVE-2021-28674
The node management page in SolarWinds Orion Platform prior to 2020.2.5 HF1 allows an malicious user to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing number...
Solarwinds Orion Platform
7.2
CVSSv2
CVE-2021-27277
This vulnerability allows local malicious users to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulne...
Solarwinds Orion Platform 2020.2
7.5
CVSSv2
CVE-2021-27258
This vulnerability allows remote malicious users to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue res...
Solarwinds Orion Platform 2020.2
4.9
CVSSv2
CVE-2021-3109
The custom menu item options page in SolarWinds Orion Platform prior to 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
Solarwinds Orion Platform
3.5
CVSSv2
CVE-2020-35856
SolarWinds Orion Platform prior to 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
Solarwinds Orion Platform
4
CVSSv2
CVE-2020-27870
This vulnerability allows remote malicious users to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from t...
Solarwinds Orion Platform 2020.2.1
9
CVSSv2
CVE-2020-27871
This vulnerability allows remote malicious users to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw ...
Solarwinds Orion Platform 2020.2.1
10
CVSSv2
CVE-2021-25274
The Collector Service in SolarWinds Orion Platform prior to 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process....
Solarwinds Orion Platform
1 Article
2.1
CVSSv2
CVE-2021-25275
SolarWinds Orion Platform prior to 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can ...
Solarwinds Orion Platform
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »