solarwinds

320 tracked vulnerabilities.

CVE-2021-35248 MEDIUM
SolarWinds Orion Platform < 2020.2.6 - Unauthenticated User Enumeration via Orion.UserSettings Entity
Dec 20, 2021
CVSS 6.8
EPSS 0.00
CVE-2021-35244 MEDIUM
SolarWinds Orion Platform - Authenticated Remote Code Execution via Log Alert File Action
Dec 20, 2021
CVSS 6.8
EPSS 0.24
CVE-2021-35234 HIGH
SolarWinds Orion Platform < 2020.2.5 - Authenticated SQL Injection
Dec 20, 2021
CVSS 8.0
EPSS 0.01
CVE-2021-35245 HIGH
Serv-U Console - Privilege Escalation
Dec 06, 2021
CVSS 8.4
EPSS 0.00
CVE-2021-35242 HIGH
SolarWinds Serv-U < 15.2.5 - Cross-Site Request Forgery via Session Token
Dec 06, 2021
CVSS 8.3
EPSS 0.01
CVE-2021-35237 MEDIUM
Kiwi Syslog Server < 9.7.2 - Clickjacking via Missing X-Frame-Options Header
Oct 29, 2021
CVSS 5.0
EPSS 0.00
CVE-2021-35236 LOW
Kiwi Syslog Server <9.7.2 - Info Disclosure
Oct 27, 2021
CVSS 3.1
EPSS 0.00
CVE-2021-35235 MEDIUM
Kiwi Syslog Server <9.7.2 - Info Disclosure
Oct 27, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-35233 MEDIUM
Kiwi Syslog Server <9.7.1 - Info Disclosure
Oct 27, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-35231 MEDIUM
Kiwi Syslog Server - Privilege Escalation
Oct 25, 2021
CVSS 6.7
EPSS 0.00
CVE-2021-35230 MEDIUM
Kiwi CatTools - Privilege Escalation
Oct 22, 2021
CVSS 6.7
EPSS 0.00
CVE-2021-35228 MEDIUM
Solarwinds Database Performance Analyzer - Reflective Cross-Site Scripting
Oct 21, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-35227 MEDIUM
RabbitMQ Plugin <2020.2.6 - Info Disclosure
Oct 21, 2021
CVSS 4.7
EPSS 0.01
CVE-2021-35225 MEDIUM
SolarWinds Network Performance Monitor - Authenticated Information Disclosure via NetPath Services
Oct 21, 2021
CVSS 5.0
EPSS 0.01
CVE-2021-35214 MEDIUM
SolarWinds Pingdom - Info Disclosure
Oct 12, 2021
CVSS 4.8
EPSS 0.00
CVE-2021-35217 HIGH
Patch Manager Orion Platform - Code Injection
Sep 08, 2021
CVSS 8.9
EPSS 0.60
CVE-2021-35218 HIGH
SolarWinds Orion Platform < 2020.2.6 - Unauthenticated Remote Code Execution via Web Console Chart Endpoint
Sep 01, 2021
CVSS 8.9
EPSS 0.15
CVE-2021-35216 HIGH
SolarWinds Patch Manager < 2020.2.6 - Authenticated Remote Code Execution via Insecure Deserialization
Sep 01, 2021
CVSS 8.9
EPSS 0.73
CVE-2021-35215 HIGH
SolarWinds Orion Platform < 2020.2.5 - Authenticated Remote Code Execution via Insecure Deserialization
Sep 01, 2021
CVSS 8.9
EPSS 0.83
CVE-2021-35238 MEDIUM
SolarWinds Orion Platform < 2020.2.5 - Authenticated Stored Cross-Site Scripting via CreateExternalWebsite URL Parameter
Sep 01, 2021
CVSS 4.8
EPSS 0.01
CVE-2021-35212 HIGH
Orion Platform - Privilege Escalation
Aug 31, 2021
CVSS 8.9
EPSS 0.02
CVE-2021-35240 MEDIUM
SolarWinds Orion Platform < 2020.2.5 - Stored Cross-Site Scripting via Help Server Setting
Aug 31, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-35239 HIGH
SolarWinds Orion Platform < 2020.2.5 - Stored Cross-Site Scripting via Map Text Box Hyperlink
Aug 31, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-35223 HIGH
Serv-U < 15.2.4 - Remote Code Execution via Event Command Parameters
Aug 31, 2021
CVSS 8.5
EPSS 0.11
CVE-2021-35213 HIGH
Orion Platform <2020.2.5 - Privilege Escalation
Aug 31, 2021
CVSS 8.9
EPSS 0.01
Products
orion_platform 49 serv-u 39 access_rights_manager 32 solarwinds_platform 27 serv-u_file_server 20 web_help_desk 20 serv-u_ftp_server 11 database_performance_analyzer 10 n-central 9 orion_network_performance_monitor 9 network_performance_monitor 8 observability_self-hosted 8 dameware_mini_remote_control 7 network_configuration_manager 7 tftp_server 6 webhelpdesk 6 kiwi_syslog_server 5 log_and_event_manager 5 orion_web_performance_monitor 4 security_event_manager 4 log_\&_event_manager 3 patch_manager 3 server_and_application_monitor 3 storage_manager 3 virtualization_manager 3 SolarWinds Observability Self-Hosted 2 ftp_voyager 2 kiwi_cattools 2 netpath 2 serv-u_mft_server 2
Quick Filters
Critical CVEs With Exploits In CISA KEV