Vulmon
solarwinds vulnerabilities and exploits
6.5
CVSSv2
CVE-2018-13442
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.
Solarwinds Network Performance Monitor
6.5
CVSSv2
CVE-2019-12181
A privilege escalation vulnerability exists in SolarWinds Serv-U prior to 15.1.7 for Linux.
Solarwinds Serv-u Mft Server
Solarwinds Serv-u Ftp Server
3 EDB exploits
2 Github repositories
6.5
CVSSv2
CVE-2017-7647
SolarWinds Log & Event Manager (LEM) prior to 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.
Solarwinds Log & Event Manager
6.5
CVSSv2
CVE-2017-5199
The editbanner feature in SolarWinds LEM (aka SIEM) up to and including 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.
Solarwinds Log And Event Manager
6.4
CVSSv2
CVE-2018-16792
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows a malicious user to exfiltrate data.
Solarwinds Sftp/scp Server
6
CVSSv2
CVE-2020-13912
SolarWinds Advanced Monitoring Agent prior to 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.
Solarwinds Advanced Monitoring Agent
6
CVSSv2
CVE-2019-20002
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
Solarwinds Webhelpdesk 12.7.1
5.8
CVSSv2
CVE-2019-3957
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.
Solarwinds Dameware Mini Remote Control
5.5
CVSSv2
CVE-2021-35225
Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cros...
Solarwinds Network Performance Monitor
Solarwinds Network Performance Monitor 2020.2.6
5.5
CVSSv2
CVE-2021-35221
Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
Solarwinds Orion Platform