Lucene search

K

Network Performance Monitor Security Vulnerabilities

cve
cve

CVE-2012-2602

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to...

7.4AI Score

0.005EPSS

2022-10-03 04:15 PM
23
cve
cve

CVE-2012-4939

Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address"...

5.8AI Score

0.161EPSS

2022-10-03 04:15 PM
42
cve
cve

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue...

5.9CVSS

7.5AI Score

0.966EPSS

2021-12-18 12:15 PM
751
In Wild
4
cve
cve

CVE-2021-35225

Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data...

6.4CVSS

6.2AI Score

0.001EPSS

2021-10-21 06:15 PM
18
cve
cve

CVE-2021-31474

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results...

9.8CVSS

9.7AI Score

0.628EPSS

2021-05-21 03:15 PM
113
3
cve
cve

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then.....

5.9CVSS

6.5AI Score

0.004EPSS

2021-03-25 03:15 PM
624
82
cve
cve

CVE-2020-27869

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the.....

8.8CVSS

9.1AI Score

0.007EPSS

2021-02-12 12:15 AM
82
5
cve
cve

CVE-2020-14007

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert...

5.4CVSS

5.2AI Score

0.001EPSS

2020-06-24 02:15 PM
17
cve
cve

CVE-2020-14005

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined...

8.8CVSS

8.9AI Score

0.039EPSS

2020-06-24 02:15 PM
85
15
cve
cve

CVE-2020-14006

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible...

5.4CVSS

5.2AI Score

0.001EPSS

2020-06-24 02:15 PM
24
cve
cve

CVE-2019-12864

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query...

5.5CVSS

5.5AI Score

0.001EPSS

2020-05-04 02:15 PM
26
cve
cve

CVE-2019-12863

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings...

4.8CVSS

5.3AI Score

0.001EPSS

2020-02-25 05:15 PM
31
2
cve
cve

CVE-2019-12954

SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an...

5.4CVSS

5.1AI Score

0.001EPSS

2020-02-17 05:15 PM
24
cve
cve

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS...

6.1CVSS

6AI Score

0.002EPSS

2019-11-08 03:15 PM
168
6
cve
cve

CVE-2018-13442

SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames...

8.8CVSS

9.1AI Score

0.001EPSS

2019-07-16 06:15 PM
170
cve
cve

CVE-2019-8917

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may....

9.8CVSS

9.8AI Score

0.253EPSS

2019-02-18 07:29 PM
53
2
cve
cve

CVE-2018-11039

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...

5.9CVSS

6.9AI Score

0.003EPSS

2018-06-25 03:29 PM
111
cve
cve

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be...

8.8CVSS

9AI Score

0.004EPSS

2018-05-11 08:29 PM
161
1
cve
cve

CVE-2017-9537

Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable...

4.8CVSS

5AI Score

0.001EPSS

2017-10-03 01:29 AM
19
cve
cve

CVE-2017-9538

The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the...

4.9CVSS

5.1AI Score

0.002EPSS

2017-10-03 01:29 AM
24
cve
cve

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary...

9.8CVSS

9.5AI Score

0.874EPSS

2017-04-17 09:59 PM
453
3
cve
cve

CVE-2014-9566

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2,...

8.1AI Score

0.963EPSS

2015-03-10 02:59 PM
27
cve
cve

CVE-2012-2577

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf...

5.8AI Score

0.004EPSS

2012-08-12 04:55 PM
23
cve
cve

CVE-2010-4828

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and...

5.9AI Score

0.002EPSS

2011-08-24 10:55 AM
23
cve
cve

CVE-2007-0060

Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath...

7.9AI Score

0.919EPSS

2007-07-26 12:30 AM
25
2
cve
cve

CVE-2005-2668

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown...

7.6AI Score

0.952EPSS

2005-08-23 04:00 AM
38
2
cve
cve

CVE-2005-2669

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT...

7.7AI Score

0.023EPSS

2005-08-23 04:00 AM
33
2