Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2019-12769
SolarWinds Serv-U Managed File Transfer (MFT) Web client prior to 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
Solarwinds Serv-u Managed File Transfer
Solarwinds Serv-u Managed File Transfer 15.1.6
801
VMScore
CVE-2021-35213
An Improper Access Control Privilege Escalation Vulnerability exists in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.
Solarwinds Orion Platform
169
VMScore
CVE-2021-35214
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without t...
Solarwinds Pingdom
490
VMScore
CVE-2021-35221
Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
Solarwinds Orion Platform
383
VMScore
CVE-2021-35222
This vulnerability allows malicious users to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
Solarwinds Orion Platform
320
VMScore
CVE-2021-35232
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password has...
Solarwinds Webhelpdesk
312
VMScore
CVE-2021-35240
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.
Solarwinds Orion Platform
NA
CVE-2023-23837
No exception handling vulnerability which revealed sensitive or excessive information to users.
Solarwinds Database Performance Analyzer
NA
CVE-2023-23838
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
Solarwinds Database Performance Analyzer
NA
CVE-2022-36963
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.
Solarwinds Orion Platform
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »