← Back

Solarwinds

solarwinds

317 CVEs • 57 products

Products (57)

Click to collapse
Toggle
Orion Platform
orion_platform
49 CVEs
Serv U
serv-u
39 CVEs
Access Rights Manager
access_rights_manager
32 CVEs
Solarwinds Platform
solarwinds_platform
27 CVEs
Serv U File Server
serv-u_file_server
20 CVEs
Web Help Desk
web_help_desk
20 CVEs
Serv U Ftp Server
serv-u_ftp_server
11 CVEs
Database Performance Analyzer
database_performance_analyzer
10 CVEs
Orion Network Performance Monitor
orion_network_performance_monitor
9 CVEs
N Central
n-central
9 CVEs
Network Performance Monitor
network_performance_monitor
8 CVEs
Observability Self Hosted
observability_self-hosted
8 CVEs
Dameware Mini Remote Control
dameware_mini_remote_control
7 CVEs
Network Configuration Manager
network_configuration_manager
7 CVEs
Tftp Server
tftp_server
6 CVEs
Webhelpdesk
webhelpdesk
6 CVEs
Log And Event Manager
log_and_event_manager
5 CVEs
Kiwi Syslog Server
kiwi_syslog_server
5 CVEs
Orion Web Performance Monitor
orion_web_performance_monitor
4 CVEs
Security Event Manager
security_event_manager
4 CVEs
Server And Application Monitor
server_and_application_monitor
3 CVEs
Storage Manager
storage_manager
3 CVEs
Virtualization Manager
virtualization_manager
3 CVEs
Log & Event Manager
log_&_event_manager
3 CVEs
Patch Manager
patch_manager
3 CVEs
Ftp Voyager
ftp_voyager
2 CVEs
Sftp/scp Server
sftp/scp_server
2 CVEs
Serv U Mft Server
serv-u_mft_server
2 CVEs
Netpath
netpath
2 CVEs
Kiwi Cattools
kiwi_cattools
2 CVEs
Ip Address Manager Web Interface
ip_address_manager_web_interface
1 CVE
Dameware Remote Support
dameware_remote_support
1 CVE
Orion Ip Address Manager
orion_ip_address_manager
1 CVE
Orion Netflow Traffic Analyzer
orion_netflow_traffic_analyzer
1 CVE
Orion Network Configuration Manager
orion_network_configuration_manager
1 CVE
Orion Server And Application Manager
orion_server_and_application_manager
1 CVE
Orion User Device Tracker
orion_user_device_tracker
1 CVE
Orion Voip & Network Quality Manager
orion_voip_&_network_quality_manager
1 CVE
Firewall Security Manager
firewall_security_manager
1 CVE
N Able N Central
n-able_n-central
1 CVE
Storage Resource Monitor
storage_resource_monitor
1 CVE
Backup Profiler
backup_profiler
1 CVE
Storage Profiler
storage_profiler
1 CVE
Network Performance Monitor Orion Platform 2018 Netpath
network_performance_monitor_orion_platform_2018_netpath
1 CVE
Network Performance Monitor Orion Platform 2018 Npm
network_performance_monitor_orion_platform_2018_npm
1 CVE
Serv U Managed File Transfer
serv-u_managed_file_transfer
1 CVE
Dameware
dameware
1 CVE
Managed Service Provider Patch Management Engine
managed_service_provider_patch_management_engine
1 CVE
Advanced Monitoring Agent
advanced_monitoring_agent
1 CVE
Help Desk
help_desk
1 CVE
Orion Job Scheduler
orion_job_scheduler
1 CVE
Pingdom
pingdom
1 CVE
Database Performance Monitor
database_performance_monitor
1 CVE
Sql Sentry
sql_sentry
1 CVE
Engineer's Toolset
engineer's_toolset
1 CVE
Dynamips
dynamips
1 CVE
Network Configuration Monitor
network_configuration_monitor
1 CVE

CVEs (317)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-28001
1Solarwinds
1Serv U
Nov 21, 2024
Feb 3, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
CVE-2020-27994
1Solarwinds
1Serv U
Nov 21, 2024
Feb 3, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
CVE-2019-16961
1Solarwinds
1Web Help Desk
Nov 21, 2024
Jan 15, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.
CVE-2019-16954
1Solarwinds
1Web Help Desk
Nov 21, 2024
Jan 6, 2021
N/A· v4
5.4 MEDIUM· v3
4.9 MEDIUM· v2
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
CVE-2019-16960
1Solarwinds
1Web Help Desk
Nov 21, 2024
Jan 4, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.
CVE-2019-16956
1Solarwinds
1Web Help Desk
Nov 21, 2024
Jan 4, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.
CVE-2020-10148
1Solarwinds
1Orion Platform
Oct 24, 2025
Dec 29, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API com...Show more
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.Show less
CVE-2019-16959
1Solarwinds
1Webhelpdesk
Nov 21, 2024
Dec 21, 2020
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
CVE-2019-16957
1Solarwinds
1Webhelpdesk
Nov 21, 2024
Dec 18, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
CVE-2019-16955
1Solarwinds
1Webhelpdesk
Nov 21, 2024
Dec 18, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
CVE-2020-25622
1Solarwinds
1N Central
Nov 21, 2024
Dec 16, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.
CVE-2020-25621
1Solarwinds
1N Central
Nov 21, 2024
Dec 16, 2020
N/A· v4
8.4 HIGH· v3
2.1 LOW· v2
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords.
CVE-2020-25620
1Solarwinds
1N Central
Nov 21, 2024
Dec 16, 2020
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to the N-Central Administ...Show more
An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to the N-Central Administrative Console (NAC) and/or the regular web interface.Show less
CVE-2020-25619
1Solarwinds
1N Central
Nov 21, 2024
Dec 16, 2020
N/A· v4
4.4 MEDIUM· v3
3.6 LOW· v2
An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary k...Show more
An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary key pair) to access network services on the 127.0.0.1 interface, even though this feature was only intended for user-to-agent communication.Show less
CVE-2020-25618
1Solarwinds
1N Central
Nov 21, 2024
Dec 16, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use o...Show more
An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers file).Show less
CVE-2020-25617
1Solarwinds
1N Central
Nov 21, 2024
Dec 16, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of...Show more
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root.Show less
CVE-2018-16243
1Solarwinds
1Database Performance Analyzer
Nov 21, 2024
Dec 15, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, e...Show more
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.Show less
CVE-2019-16958
1Solarwinds
1Help Desk
Nov 21, 2024
Dec 1, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name.
CVE-2020-15910
1Solarwinds
1N Central
Nov 21, 2024
Oct 19, 2020
N/A· v4
4.7 MEDIUM· v3
4.3 MEDIUM· v2
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or b...Show more
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwarded to the attacker.Show less
CVE-2020-15909
1Solarwinds
1N Central
Nov 21, 2024
Oct 19, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim...Show more
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantage of this, cookie could be stolen and the JSESSIONID can be captured. On its own this is not a surprising result; low security tools allow the cookie to roam from machine to machine. The JSESSION cookie can then be used on the attackers’ workstation by browsing to the victim’s NCentral server URL and replacing the JSESSIONID attribute value by the captured value. Expected behavior would be to check this against a second source and enforce at least a reauthentication or multi factor request as N-Central is a highly privileged service.Show less