Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-3459
Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) prior to 7.3 allows remote malicious users to execute arbitrary code via the PEstrarg1 property.
Solarwinds Network Configuration Manager 7.2.0
Solarwinds Network Configuration Manager
Solarwinds Network Configuration Manager 7.2.1
3.6
CVSSv2
CVE-2021-25276
In SolarWinds Serv-U prior to 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by co...
Solarwinds Serv-u
Solarwinds Serv-u 15.2.2
10
CVSSv2
CVE-2021-35211
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File ...
Solarwinds Serv-u
Solarwinds Serv-u 15.2.3
2 Github repositories
3 Articles
6.5
CVSSv2
CVE-2021-35234
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
7.5
CVSSv2
CVE-2019-9546
SolarWinds Orion Platform prior to 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
Solarwinds Orion Platform 2018.4
Solarwinds Orion Platform
3.5
CVSSv2
CVE-2021-35238
User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
3.5
CVSSv2
CVE-2021-35239
A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
4.3
CVSSv2
CVE-2021-35229
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
Solarwinds Database Performance Analyzer
Solarwinds Database Performance Monitor
NA
CVE-2022-38106
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.
Solarwinds Serv-u 15.3.1
Solarwinds Serv-u 15.3.0
5.5
CVSSv2
CVE-2021-35225
Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cros...
Solarwinds Network Performance Monitor
Solarwinds Network Performance Monitor 2020.2.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »