CVSS: 6.4EPSS: 1%CPEs: 2EXPL: 0CVE-2021-35225 – Netpath Horizontal Privilege Escalation Vulnerability: NPM 2020.2.5
https://notcve.org/view.php?id=CVE-2021-35225
21 Oct 2021 — Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination. Cada usuario autenticado de Orion Platform en un entorno MSP (Managed Service Provider) puede visualizar y navegar todos los servicios NetPath de todos los clientes de ese MSP. Esto puede conllevar a que cualquier usuario ten... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13442
https://notcve.org/view.php?id=CVE-2018-13442
16 Jul 2019 — SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. Network Performance Monitor versión 12.3 de SolarWinds, permite la inyección SQL por medio del parámetro TriggeringObjectEntityNames del archivo /api/ActiveAlertsOnThisEntity/GetActiveAlerts. • https://labs.nettitude.com/blog/cve-2018-13442-solarwinds-npm-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 1%CPEs: 1EXPL: 1CVE-2017-9537 – SolarWinds Network Performance Monitor 12.0.15300.90 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-9537
29 Sep 2017 — Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) persistente en la función Add Node de SolarWinds Network Performance Monitor en su versión 12.0.15300.90 que permite que los atacantes remotos introduzcan código JavaScript arbitrario en varios parámetros vulnerables. SolarWinds N... • https://packetstorm.news/files/id/144411 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 5%CPEs: 1EXPL: 1CVE-2017-9538 – SolarWinds Network Performance Monitor 12.0.15300.90 Denial of Service
https://notcve.org/view.php?id=CVE-2017-9538
29 Sep 2017 — The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism. La función "Upload logo from external path" de SolarWinds Network Performance ... • https://packetstorm.news/files/id/144412 • CWE-20: Improper Input Validation •