Solarwinds Security Vulnerabilities
9.8CVSS
9.4AI Score
0.002EPSS
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.
6.1CVSS
6.3AI Score
0.001EPSS
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.
7.5CVSS
7.5AI Score
0.002EPSS
SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.
6.1CVSS
6AI Score
0.001EPSS
SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response.
7.5CVSS
7.2AI Score
0.002EPSS
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantag...
8.8CVSS
8.3AI Score
0.003EPSS
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwa...
4.7CVSS
4.6AI Score
0.001EPSS
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
4.8CVSS
4.9AI Score
0.001EPSS
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root.
8.8CVSS
8.6AI Score
0.007EPSS
An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers fil...
8.8CVSS
8.7AI Score
0.007EPSS
An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary key pair) to access network services on the 127.0.0.1 interface, even though thi...
4.4CVSS
4.6AI Score
0.0005EPSS
An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named [email protected] and [email protected]. These allow logins to the N-Central Administrative Console (NAC) and/or the regular web interface.
7.8CVSS
7.5AI Score
0.0004EPSS
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords.
8.4CVSS
8.1AI Score
0.001EPSS
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.
8.8CVSS
8.6AI Score
0.002EPSS
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the l...
8.8CVSS
9.1AI Score
0.007EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validat...
6.5CVSS
6.2AI Score
0.019EPSS
This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within Vulnerabili...
7.2CVSS
7.3AI Score
0.281EPSS
6.5CVSS
6.5AI Score
0.008EPSS
5.4CVSS
5.5AI Score
0.002EPSS
9.8CVSS
7.6AI Score
0.002EPSS
5.4CVSS
5.5AI Score
0.001EPSS
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
4.8CVSS
5.2AI Score
0.001EPSS
Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange.
7.5CVSS
7.6AI Score
0.011EPSS
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appl...
7.5CVSS
7.4AI Score
0.008EPSS
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
6.1CVSS
6AI Score
0.001EPSS
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon proces...
9.8CVSS
9.7AI Score
0.055EPSS
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login d...
7.8CVSS
8.9AI Score
0.001EPSS
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a valid profile file to t...
7.1CVSS
8.2AI Score
0.001EPSS
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ...
7.8CVSS
7.9AI Score
0.001EPSS
This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restri...
9.8CVSS
9.7AI Score
0.022EPSS
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fl...
7.8CVSS
7.9AI Score
0.001EPSS
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Ser...
5.4CVSS
5.3AI Score
0.001EPSS
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
4.8CVSS
5.4AI Score
0.001EPSS
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
9.1CVSS
9.3AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results fr...
9.8CVSS
9.7AI Score
0.643EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF ser...
8.8CVSS
8.8AI Score
0.011EPSS
An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.
7.5CVSS
8.5AI Score
0.002EPSS
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP ...
5.3CVSS
5.2AI Score
0.001EPSS
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
5.4CVSS
5.5AI Score
0.001EPSS
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U...
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.
8.9CVSS
8.9AI Score
0.003EPSS
An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.
8.9CVSS
8.6AI Score
0.002EPSS
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user...
4.8CVSS
4.8AI Score
0.0004EPSS
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
8.9CVSS
9AI Score
0.121EPSS
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
8.9CVSS
9.1AI Score
0.082EPSS
Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
8.9CVSS
9AI Score
0.053EPSS
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server
8.9CVSS
8.8AI Score
0.069EPSS
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
6CVSS
6.7AI Score
0.001EPSS
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
8.1CVSS
7.8AI Score
0.004EPSS
Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
8.1CVSS
8.5AI Score
0.002EPSS