solarwinds

324 tracked vulnerabilities.

CVE-2021-35240 MEDIUM
SolarWinds Orion Platform < 2020.2.5 - Stored Cross-Site Scripting via Help Server Setting
Aug 31, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-35239 HIGH
SolarWinds Orion Platform < 2020.2.5 - Stored Cross-Site Scripting via Map Text Box Hyperlink
Aug 31, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-35223 HIGH
Serv-U < 15.2.4 - Remote Code Execution via Event Command Parameters
Aug 31, 2021
CVSS 8.5
EPSS 0.03
CVE-2021-35213 HIGH
Orion Platform <2020.2.5 - Privilege Escalation
Aug 31, 2021
CVSS 8.9
EPSS 0.03
CVE-2021-35222 HIGH
SolarWinds Orion Platform < 2020.2.6 - Remote Code Execution via Alerts Settings Page
Aug 31, 2021
CVSS 8.0
EPSS 0.03
CVE-2021-35221 MEDIUM
SolarWinds Orion Platform ImportAlert - Access Control Remote Code Execution
Aug 31, 2021
CVSS 6.3
EPSS 0.02
CVE-2021-35220 HIGH
SolarWinds Orion Platform < 2020.2.6 - Remote Code Execution via EmailWebPage API
Aug 31, 2021
CVSS 8.1
EPSS 0.02
CVE-2021-35219 MEDIUM
ExportToPdfCmd <ImportAlert - Info Disclosure
Aug 31, 2021
CVSS 6.0
EPSS 0.01
CVE-2021-32076 MEDIUM
SolarWinds Web Help Desk < 12.7.2 - Authentication Bypass via Referrer Spoofing
Aug 26, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-28674 MEDIUM
SolarWinds Orion Platform < 2020.2.5 - Authenticated Node Creation and Deletion via Predictable Node IDs
Jul 30, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-35211 CRITICAL KEVNUCLEI
SolarWinds Serv-U <15.2.3 HF2 - RCE
Jul 14, 2021
CVSS 9.0
EPSS 0.91
CVE-2021-31217 CRITICAL
SolarWinds DameWare Mini Remote Control Server 12.0.1.200 - Unauthenticated File Deletion via Insecure Permissions
Jul 13, 2021
CVSS 9.1
EPSS 0.04
CVE-2021-31475 HIGH
SolarWinds Orion Job Scheduler 2020.2.1 HF 2 - Authenticated Remote Code Execution via JobRouterService WCF Service
May 21, 2021
CVSS 8.8
EPSS 0.06
CVE-2021-31474 CRITICAL
SolarWinds Network Performance Monitor 2020.2.1-2020.2.5 - Remote Code Execution via Untrusted Data Deserialization
May 21, 2021
CVSS 9.8
EPSS 0.94
CVE-2021-32604 MEDIUM
SolarWinds Serv-U < 15.2.3 - Cross-Site Scripting via Share URL SenderEmail Parameter
May 11, 2021
CVSS 5.4
EPSS 0.02
CVE-2021-25179 MEDIUM
SolarWinds Serv-U < 15.2 - Cross-Site Scripting via HTTP Host Header
May 05, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-3154 HIGH
SolarWinds Serv-U < 15.2.2 - Unauthenticated Cleartext Password Exposure via Macro Injection
May 04, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-27277 HIGH
SolarWinds Orion Platform - Privilege Escalation via OneTimeJobSchedulerEventsService WCF Deserialization
Apr 22, 2021
CVSS 7.8
EPSS 0.01
CVE-2021-27258 CRITICAL
SolarWinds Orion Platform 2020.2 - Privilege Escalation
Apr 14, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-27240 HIGH
SolarWinds Patch Manager 2020.2.1 - Privilege Escalation
Mar 29, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-3109 MEDIUM
SolarWinds Orion Platform < 2020.2.5 - Reverse Tabnabbing via Custom Menu Item Options Page
Mar 26, 2021
CVSS 4.8
EPSS 0.01
CVE-2021-25276 HIGH
SolarWinds Serv-U <15.2.2 - Privilege Escalation
Feb 03, 2021
CVSS 7.1
EPSS 0.00
CVE-2021-25275 HIGH
SolarWinds Orion Platform <2020.2.4 - Info Disclosure
Feb 03, 2021
CVSS 7.8
EPSS 0.01
CVE-2021-25274 CRITICAL
SolarWinds Orion Platform <2020.2.4 - RCE
Feb 03, 2021
CVSS 9.8
EPSS 0.36
CVE-2020-22428 MEDIUM
SolarWinds Serv-U < 15.1.6 Hotfix 3 - Stored Cross-Site Scripting via Directory Name
May 05, 2021
CVSS 4.8
EPSS 0.01