Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-14007
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.
Solarwinds Orion Network Performance Monitor 2019.4
Solarwinds Orion Web Performance Monitor 2019.4.1
4.8
CVSSv3
CVE-2020-22428
SolarWinds Serv-U prior to 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
Solarwinds Serv-u Ftp Server 15.1
Solarwinds Serv-u Mft Server 15.1
NA
CVE-2002-2393
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote malicious users to cause a denial of service (no new connections) via a series of MKD commands.
Solarwinds Serv-u File Server 3.1.0.0
Solarwinds Serv-u File Server 4.0.0.4
8.8
CVSSv3
CVE-2019-12769
SolarWinds Serv-U Managed File Transfer (MFT) Web client prior to 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
Solarwinds Serv-u Managed File Transfer
Solarwinds Serv-u Managed File Transfer 15.1.6
7.5
CVSSv3
CVE-2023-23837
No exception handling vulnerability which revealed sensitive or excessive information to users.
Solarwinds Database Performance Analyzer
6.5
CVSSv3
CVE-2023-23838
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
Solarwinds Database Performance Analyzer
8.1
CVSSv3
CVE-2021-35221
Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
Solarwinds Orion Platform
8.8
CVSSv3
CVE-2021-35213
An Improper Access Control Privilege Escalation Vulnerability exists in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.
Solarwinds Orion Platform
4.7
CVSSv3
CVE-2021-35214
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without t...
Solarwinds Pingdom
9.6
CVSSv3
CVE-2021-35222
This vulnerability allows malicious users to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
Solarwinds Orion Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »