← Back

Solarwinds

solarwinds

317 CVEs • 57 products

Products (57)

Click to collapse
Toggle
Orion Platform
orion_platform
49 CVEs
Serv U
serv-u
39 CVEs
Access Rights Manager
access_rights_manager
32 CVEs
Solarwinds Platform
solarwinds_platform
27 CVEs
Serv U File Server
serv-u_file_server
20 CVEs
Web Help Desk
web_help_desk
20 CVEs
Serv U Ftp Server
serv-u_ftp_server
11 CVEs
Database Performance Analyzer
database_performance_analyzer
10 CVEs
Orion Network Performance Monitor
orion_network_performance_monitor
9 CVEs
N Central
n-central
9 CVEs
Network Performance Monitor
network_performance_monitor
8 CVEs
Observability Self Hosted
observability_self-hosted
8 CVEs
Dameware Mini Remote Control
dameware_mini_remote_control
7 CVEs
Network Configuration Manager
network_configuration_manager
7 CVEs
Tftp Server
tftp_server
6 CVEs
Webhelpdesk
webhelpdesk
6 CVEs
Log And Event Manager
log_and_event_manager
5 CVEs
Kiwi Syslog Server
kiwi_syslog_server
5 CVEs
Orion Web Performance Monitor
orion_web_performance_monitor
4 CVEs
Security Event Manager
security_event_manager
4 CVEs
Server And Application Monitor
server_and_application_monitor
3 CVEs
Storage Manager
storage_manager
3 CVEs
Virtualization Manager
virtualization_manager
3 CVEs
Log & Event Manager
log_&_event_manager
3 CVEs
Patch Manager
patch_manager
3 CVEs
Ftp Voyager
ftp_voyager
2 CVEs
Sftp/scp Server
sftp/scp_server
2 CVEs
Serv U Mft Server
serv-u_mft_server
2 CVEs
Netpath
netpath
2 CVEs
Kiwi Cattools
kiwi_cattools
2 CVEs
Ip Address Manager Web Interface
ip_address_manager_web_interface
1 CVE
Dameware Remote Support
dameware_remote_support
1 CVE
Orion Ip Address Manager
orion_ip_address_manager
1 CVE
Orion Netflow Traffic Analyzer
orion_netflow_traffic_analyzer
1 CVE
Orion Network Configuration Manager
orion_network_configuration_manager
1 CVE
Orion Server And Application Manager
orion_server_and_application_manager
1 CVE
Orion User Device Tracker
orion_user_device_tracker
1 CVE
Orion Voip & Network Quality Manager
orion_voip_&_network_quality_manager
1 CVE
Firewall Security Manager
firewall_security_manager
1 CVE
N Able N Central
n-able_n-central
1 CVE
Storage Resource Monitor
storage_resource_monitor
1 CVE
Backup Profiler
backup_profiler
1 CVE
Storage Profiler
storage_profiler
1 CVE
Network Performance Monitor Orion Platform 2018 Netpath
network_performance_monitor_orion_platform_2018_netpath
1 CVE
Network Performance Monitor Orion Platform 2018 Npm
network_performance_monitor_orion_platform_2018_npm
1 CVE
Serv U Managed File Transfer
serv-u_managed_file_transfer
1 CVE
Dameware
dameware
1 CVE
Managed Service Provider Patch Management Engine
managed_service_provider_patch_management_engine
1 CVE
Advanced Monitoring Agent
advanced_monitoring_agent
1 CVE
Help Desk
help_desk
1 CVE
Orion Job Scheduler
orion_job_scheduler
1 CVE
Pingdom
pingdom
1 CVE
Database Performance Monitor
database_performance_monitor
1 CVE
Sql Sentry
sql_sentry
1 CVE
Engineer's Toolset
engineer's_toolset
1 CVE
Dynamips
dynamips
1 CVE
Network Configuration Monitor
network_configuration_monitor
1 CVE

CVEs (317)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-17127
1Solarwinds
1Orion Platform
Nov 21, 2024
Jan 17, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbo...Show more
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.Show less
CVE-2019-17125
1Solarwinds
1Orion Platform
Nov 21, 2024
Jan 17, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achi...Show more
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.Show less
CVE-2019-19829
1Solarwinds
1Serv U Ftp Server
Nov 21, 2024
Dec 18, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.
CVE-2019-13182
1Solarwinds
1Serv U Ftp Server
Nov 21, 2024
Dec 16, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.
CVE-2019-13181
1Solarwinds
1Serv U Ftp Server
Nov 21, 2024
Dec 16, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.
CVE-2019-3980
1Solarwinds
1Dameware Mini Remote Control
Nov 21, 2024
Oct 8, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can...Show more
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.Show less
CVE-2018-19386
1Solarwinds
1Database Performance Analyzer
Nov 21, 2024
Aug 14, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iw...Show more
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.Show less
CVE-2018-13442
1Solarwinds
1Network Performance Monitor
Nov 21, 2024
Jul 16, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.
CVE-2019-12181
1Solarwinds
2Serv U Ftp Server
Serv U Mft Server
Nov 21, 2024
Jun 17, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
CVE-2019-3957
1Solarwinds
1Dameware Mini Remote Control
Nov 21, 2024
Jun 7, 2019
N/A· v4
7.4 HIGH· v3
5.8 MEDIUM· v2
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the applica...Show more
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.Show less
CVE-2018-19999
1Solarwinds
1Serv U Ftp Server
Nov 21, 2024
Jun 7, 2019
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SY...Show more
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session.Show less
CVE-2019-9017
1Solarwinds
1Dameware Mini Remote Control
Nov 21, 2024
May 2, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.
CVE-2018-19934
1Solarwinds
1Serv U Ftp Server
Nov 21, 2024
Mar 21, 2019
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
CVE-2018-15906
1Solarwinds
1Serv U Ftp Server
Nov 21, 2024
Mar 21, 2019
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.
CVE-2019-9546
1Solarwinds
1Orion Platform
Nov 21, 2024
Mar 1, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
CVE-2019-8917
1Solarwinds
1Orion Network Performance Monitor
Nov 21, 2024
Feb 18, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients t...Show more
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user.Show less
CVE-2018-16792
1Solarwinds
1Sftp/scp Server
Nov 21, 2024
Dec 5, 2018
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.
CVE-2018-16791
1Solarwinds
1Sftp/scp Server
Nov 21, 2024
Dec 5, 2018
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privil...Show more
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.Show less
CVE-2018-12897
1Solarwinds
1Dameware Mini Remote Control
Nov 21, 2024
Sep 7, 2018
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
CVE-2018-10241
1Solarwinds
1Serv U
Nov 21, 2024
May 16, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Clie...Show more
A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.Show less