CVSS: 10.0EPSS: 45%CPEs: 1EXPL: 0CVE-2019-8917
https://notcve.org/view.php?id=CVE-2019-8917
18 Feb 2019 — SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user. SolarWinds Orion NPM, en versiones anteriores a la 12.4, sufre de una vulnerabilidad de ejecución remota de código "SYSTEM" en el servicio OrionModu... • http://www.securityfocus.com/bid/107061 •
CVSS: 8.8EPSS: 78%CPEs: 8EXPL: 7CVE-2014-9566 – SolarWinds Orion Service - SQL Injection
https://notcve.org/view.php?id=CVE-2014-9566
03 Mar 2015 — Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, ... • https://packetstorm.news/files/id/180603 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 10EXPL: 2CVE-2012-4939 – SolarWinds Orion IP Address Manager (IPAM) - 'search.aspx' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4939
31 Oct 2012 — Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la IPAMSummaryView.aspx en el interfaz web IPAM anterior a v3.0-HotFix1 en SolarWinds Orion Network Performance Monitor puede permitir a un atacante remoto inyect... • https://www.exploit-db.com/exploits/37995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 7%CPEs: 2EXPL: 3CVE-2012-2602 – SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2602
12 Aug 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx. Múltiples vulnerabilidades de falsificación de peticiones en sitios cruzados (CSRF) en SolarWinds Or... • https://www.exploit-db.com/exploits/20011 • CWE-352: Cross-Site Request Forgery (CSRF) •