Network Performance Monitor
by SolarWinds
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9538 | Med | 0.32 | 4.9 | 0.02 | Oct 3, 2017 | The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application)… | ||
| CVE-2017-9537 | Med | 0.31 | 4.8 | 0.03 | Oct 3, 2017 | Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. | ||
| CVE-2020-27869 | 0.05 | — | 0.05 | Feb 11, 2021 | This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The… | |||
| CVE-2021-31474 | 0.04 | — | 0.94 | May 21, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library.… | |||
| CVE-2019-12863 | 0.00 | — | 0.01 | Feb 25, 2020 | SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | |||
| CVE-2019-12954 | 0.00 | — | 0.01 | Feb 17, 2020 | SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. | |||
| CVE-2018-13442 | 0.00 | — | 0.02 | Jul 16, 2019 | SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. |
- risk 0.32cvss 4.9epss 0.02
The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application)…
- risk 0.31cvss 4.8epss 0.03
Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.
- CVE-2020-27869Feb 11, 2021risk 0.05cvss —epss 0.05
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The…
- CVE-2021-31474May 21, 2021risk 0.04cvss —epss 0.94
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library.…
- CVE-2019-12863Feb 25, 2020risk 0.00cvss —epss 0.01
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.
- CVE-2019-12954Feb 17, 2020risk 0.00cvss —epss 0.01
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.
- CVE-2018-13442Jul 16, 2019risk 0.00cvss —epss 0.02
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.