Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Solarwinds Subscribe
Filtered by product Network Performance Monitor

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35225 1 Solarwinds 1 Network Performance Monitor 2022-07-12 5.5 MEDIUM 6.4 MEDIUM
Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination.
CVE-2019-12864 1 Solarwinds 3 Netpath, Network Performance Monitor, Orion Platform 2021-07-21 2.1 LOW 5.5 MEDIUM
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.
CVE-2019-12863 1 Solarwinds 3 Netpath, Network Performance Monitor, Orion Platform 2020-08-24 3.5 LOW 4.8 MEDIUM
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.
CVE-2017-9537 1 Solarwinds 1 Network Performance Monitor 2018-10-09 3.5 LOW 4.8 MEDIUM
Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.
CVE-2017-9538 1 Solarwinds 1 Network Performance Monitor 2018-10-09 4.0 MEDIUM 4.9 MEDIUM
The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism.