Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-35216
Insecure Deserialization of untrusted data remote code execution vulnerability exists in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
Solarwinds Patch Manager
8.8
CVSSv3
CVE-2021-35217
Insecure Deseralization of untrusted data remote code execution vulnerability exists in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
Solarwinds Patch Manager
4.9
CVSSv3
CVE-2021-35219
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
Solarwinds Orion Platform
8.8
CVSSv3
CVE-2021-35223
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
Solarwinds Serv-u
6.7
CVSSv3
CVE-2021-35230
As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.
Solarwinds Kiwi Cattools
8.8
CVSSv3
CVE-2021-35242
Serv-U server responds with valid CSRFToken when the request contains only Session.
Solarwinds Serv-u
5.3
CVSSv3
CVE-2021-35247
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignor...
Solarwinds Serv-u
NA
CVE-2015-5371
The AuthenticationFilter class in SolarWinds Storage Manager allows remote malicious users to upload and execute arbitrary scripts via unspecified vectors.
Solarwinds Storage Manager -
6.5
CVSSv3
CVE-2018-10241
A denial of service vulnerability in SolarWinds Serv-U prior to 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.
Solarwinds Serv-u
4.8
CVSSv3
CVE-2021-3109
The custom menu item options page in SolarWinds Orion Platform prior to 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
Solarwinds Orion Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »