Orion NPM
by SolarWinds
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8917 | | | 0.03 | — | 0.36 | | Feb 18, 2019 | SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The… |
| CVE-2020-14005 | | | 0.01 | — | 0.14 | | Jun 24, 2020 | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. |
| CVE-2021-35248 | | | 0.00 | — | 0.01 | | Dec 20, 2021 | It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. |
| CVE-2020-14006 | | | 0.00 | — | 0.01 | | Jun 24, 2020 | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. |
| CVE-2020-14007 | | | 0.00 | — | 0.01 | | Jun 24, 2020 | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. |