VYPR

Orion NPM

by SolarWinds

CVEs (5)

  • CVE-2019-8917Feb 18, 2019
    risk 0.03cvss epss 0.36

    SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The…

  • CVE-2020-14005Jun 24, 2020
    risk 0.01cvss epss 0.14

    Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event.

  • CVE-2021-35248Dec 20, 2021
    risk 0.00cvss epss 0.01

    It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.

  • CVE-2020-14006Jun 24, 2020
    risk 0.00cvss epss 0.01

    Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.

  • CVE-2020-14007Jun 24, 2020
    risk 0.00cvss epss 0.01

    Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.