← Back

Solarwinds

solarwinds

317 CVEs • 57 products

Products (57)

Click to collapse
Toggle
Orion Platform
orion_platform
49 CVEs
Serv U
serv-u
39 CVEs
Access Rights Manager
access_rights_manager
32 CVEs
Solarwinds Platform
solarwinds_platform
27 CVEs
Serv U File Server
serv-u_file_server
20 CVEs
Web Help Desk
web_help_desk
20 CVEs
Serv U Ftp Server
serv-u_ftp_server
11 CVEs
Database Performance Analyzer
database_performance_analyzer
10 CVEs
Orion Network Performance Monitor
orion_network_performance_monitor
9 CVEs
N Central
n-central
9 CVEs
Network Performance Monitor
network_performance_monitor
8 CVEs
Observability Self Hosted
observability_self-hosted
8 CVEs
Dameware Mini Remote Control
dameware_mini_remote_control
7 CVEs
Network Configuration Manager
network_configuration_manager
7 CVEs
Tftp Server
tftp_server
6 CVEs
Webhelpdesk
webhelpdesk
6 CVEs
Log And Event Manager
log_and_event_manager
5 CVEs
Kiwi Syslog Server
kiwi_syslog_server
5 CVEs
Orion Web Performance Monitor
orion_web_performance_monitor
4 CVEs
Security Event Manager
security_event_manager
4 CVEs
Server And Application Monitor
server_and_application_monitor
3 CVEs
Storage Manager
storage_manager
3 CVEs
Virtualization Manager
virtualization_manager
3 CVEs
Log & Event Manager
log_&_event_manager
3 CVEs
Patch Manager
patch_manager
3 CVEs
Ftp Voyager
ftp_voyager
2 CVEs
Sftp/scp Server
sftp/scp_server
2 CVEs
Serv U Mft Server
serv-u_mft_server
2 CVEs
Netpath
netpath
2 CVEs
Kiwi Cattools
kiwi_cattools
2 CVEs
Ip Address Manager Web Interface
ip_address_manager_web_interface
1 CVE
Dameware Remote Support
dameware_remote_support
1 CVE
Orion Ip Address Manager
orion_ip_address_manager
1 CVE
Orion Netflow Traffic Analyzer
orion_netflow_traffic_analyzer
1 CVE
Orion Network Configuration Manager
orion_network_configuration_manager
1 CVE
Orion Server And Application Manager
orion_server_and_application_manager
1 CVE
Orion User Device Tracker
orion_user_device_tracker
1 CVE
Orion Voip & Network Quality Manager
orion_voip_&_network_quality_manager
1 CVE
Firewall Security Manager
firewall_security_manager
1 CVE
N Able N Central
n-able_n-central
1 CVE
Storage Resource Monitor
storage_resource_monitor
1 CVE
Backup Profiler
backup_profiler
1 CVE
Storage Profiler
storage_profiler
1 CVE
Network Performance Monitor Orion Platform 2018 Netpath
network_performance_monitor_orion_platform_2018_netpath
1 CVE
Network Performance Monitor Orion Platform 2018 Npm
network_performance_monitor_orion_platform_2018_npm
1 CVE
Serv U Managed File Transfer
serv-u_managed_file_transfer
1 CVE
Dameware
dameware
1 CVE
Managed Service Provider Patch Management Engine
managed_service_provider_patch_management_engine
1 CVE
Advanced Monitoring Agent
advanced_monitoring_agent
1 CVE
Help Desk
help_desk
1 CVE
Orion Job Scheduler
orion_job_scheduler
1 CVE
Pingdom
pingdom
1 CVE
Database Performance Monitor
database_performance_monitor
1 CVE
Sql Sentry
sql_sentry
1 CVE
Engineer's Toolset
engineer's_toolset
1 CVE
Dynamips
dynamips
1 CVE
Network Configuration Monitor
network_configuration_monitor
1 CVE

CVEs (317)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-13169
1Solarwinds
1Orion Platform
Nov 21, 2024
Sep 17, 2020
N/A· v4
9.0 CRITICAL· v3
3.5 LOW· v2
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeov...Show more
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).Show less
CVE-2020-15576
1Solarwinds
1Serv U
Nov 21, 2024
Jul 7, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response.
CVE-2020-15575
1Solarwinds
1Serv U
Nov 21, 2024
Jul 7, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.
CVE-2020-15574
1Solarwinds
1Serv U
Nov 21, 2024
Jul 7, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.
CVE-2020-15573
1Solarwinds
1Serv U
Nov 21, 2024
Jul 7, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.
CVE-2020-15543
1Solarwinds
1Serv U Ftp Server
Nov 21, 2024
Jul 5, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path.
CVE-2020-15542
1Solarwinds
1Serv U Ftp Server
Nov 21, 2024
Jul 5, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.
CVE-2020-15541
1Solarwinds
1Serv U Ftp Server
Nov 21, 2024
Jul 5, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution.
CVE-2020-14007
1Solarwinds
2Orion Network Performance Monitor
Orion Web Performance Monitor
Nov 21, 2024
Jun 24, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.
CVE-2020-14006
1Solarwinds
2Orion Network Performance Monitor
Orion Web Performance Monitor
Nov 21, 2024
Jun 24, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.
CVE-2020-14005
1Solarwinds
2Orion Network Performance Monitor
Orion Web Performance Monitor
Nov 21, 2024
Jun 24, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event.
CVE-2020-13912
1Solarwinds
1Advanced Monitoring Agent
Nov 21, 2024
Jun 7, 2020
N/A· v4
7.3 HIGH· v3
6.0 MEDIUM· v2
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.
CVE-2020-12608
1Solarwinds
1Managed Service Provider Patch Management Engine
Nov 21, 2024
May 7, 2020
N/A· v4
7.8 HIGH· v3
9.3 HIGH· v2
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.Ca...Show more
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.Show less
CVE-2019-12864
1Solarwinds
3Netpath
Network Performance MonitorOrion Platform
Nov 21, 2024
May 4, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Interna...Show more
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.Show less
CVE-2019-20002
1Solarwinds
1Webhelpdesk
Nov 21, 2024
Apr 27, 2020
N/A· v4
7.8 HIGH· v3
6.0 MEDIUM· v2
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=g...Show more
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.Show less
CVE-2020-5734
1Solarwinds
1Dameware
Nov 21, 2024
Apr 7, 2020
N/A· v4
7.5 HIGH· v3
4.3 MEDIUM· v2
Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange.
CVE-2019-12769
1Solarwinds
1Serv U Managed File Transfer
Nov 21, 2024
Mar 18, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
CVE-2019-12863
1Solarwinds
3Netpath
Network Performance MonitorOrion Platform
Nov 21, 2024
Feb 25, 2020
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.
CVE-2019-12954
1Solarwinds
2Network Performance Monitor Orion Platform 2018 Netpath
Network Performance Monitor Orion Platform 2018 Npm
Nov 21, 2024
Feb 17, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.
CVE-2020-7984
1Solarwinds
1N Central
Nov 21, 2024
Jan 26, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacke...Show more
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.Show less