VYPR

Network Performance Monitor

by SolarWinds

CVEs (7)

  • CVE-2017-9538MedOct 3, 2017
    risk 0.32cvss 4.9epss 0.02

    The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application)…

  • CVE-2017-9537MedOct 3, 2017
    risk 0.31cvss 4.8epss 0.03

    Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.

  • CVE-2020-27869Feb 11, 2021
    risk 0.05cvss epss 0.05

    This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The…

  • CVE-2021-31474May 21, 2021
    risk 0.04cvss epss 0.94

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library.…

  • CVE-2019-12863Feb 25, 2020
    risk 0.00cvss epss 0.01

    SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.

  • CVE-2019-12954Feb 17, 2020
    risk 0.00cvss epss 0.01

    SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.

  • CVE-2018-13442Jul 16, 2019
    risk 0.00cvss epss 0.02

    SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.