Lucene search
K
SolarwindsNetwork Performance Monitor

8 matches found

CVE
CVE
added 2019/07/16 5:56 p.m.198 views

CVE-2018-13442

The CVE-2018-13442 entry concerns SolarWinds Network Performance Monitor 12.3 and an SQL Injection vulnerability exposed via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. Multiple connected sources describe the root cause as lack of proper validation of ...

8.8CVSS9.1AI score0.01665EPSS
Web
CVE
CVE
added 2021/05/21 2:40 p.m.158 views

CVE-2021-31474

CVE-2021-31474 affects SolarWinds Network Performance Monitor 2020.2.1. The vulnerability stems from improper validation in the SolarWinds.Serialization library, enabling deserialization of untrusted data and remote code execution with SYSTEM privileges. Public sources in the connected data inclu...

10CVSS9.7AI score0.94431EPSS
CVE
CVE
added 2021/02/11 11:35 p.m.116 views

CVE-2020-27869

SolarWinds Network Performance Monitor (NPM) 2020 HF1 / 2020.2 is affected by CVE-2020-27869 due to a WriteToFile SQL injection in a user-supplied string used to build queries, enabling privilege escalation and Admin password reset with network access and low privileges. The issue is confirmed ac...

9CVSS9.1AI score0.05091EPSS
CVE
CVE
added 2020/02/25 4:52 p.m.63 views

CVE-2019-12863

CVE-2019-12863 affects SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4). The vulnerability is a stored HTML injection via the Web Console Settings screen, reported as an input/output issue in the web interface and attributable to administrators being able to inject HTML. The availab...

4.8CVSS5.3AI score0.01076EPSS
CVE
CVE
added 2020/05/04 1:30 p.m.58 views

CVE-2019-12864

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is affected by an Information Leakage vulnerability caused by improper error handling that exposes stack traces and a full pathname on a 500 Internal Server Error. The issue is demonstrated via the api2/swis/query?lang=en-us&swAlertOn...

5.5CVSS5.5AI score0.00466EPSS
Web
CVE
CVE
added 2017/10/02 2:0 p.m.51 views

CVE-2017-9538

SolarWinds Network Performance Monitor 12.0.15300.90 is affected by a directory-traversal vulnerability in the Upload logo from external path function. A remote attacker can supply a path containing leading .. sequences to trigger a denial-of-service condition that results in a persistent error m...

4.9CVSS5.1AI score0.02432EPSS
Web
CVE
CVE
added 2017/10/02 2:0 p.m.48 views

CVE-2017-9537

SolarWinds Network Performance Monitor 12.0.15300.90 is affected by CVE-2017-9537 (and related records) due to a persistent XSS in the Add Node function. An attacker can inject arbitrary JavaScript into multiple vulnerable parameters (e.g., City, Comments, Department) during node-adding workflows...

4.8CVSS5AI score0.02822EPSS
Web
CVE
CVE
added 2021/10/21 5:39 p.m.45 views

CVE-2021-35225

CVE-2021-35225 affects SolarWinds Orion Platform in MSP environments. The issue allows an authenticated MSP user to view NetPath Services across multiple customers, enabling cross-tenant visibility and potential data exposure. Exploitation details are not provided in the sources. Remediation is c...

6.4CVSS5.5AI score0.00817EPSS