VYPR

Network Configuration Manager

by SolarWinds

CVEs (17)

  • CVE-2025-41437MedJun 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.

  • CVE-2021-43319Nov 30, 2021
    risk 0.06cvss epss 0.21

    Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.

  • CVE-2022-37024Aug 9, 2022
    risk 0.04cvss epss 0.78

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code…

  • CVE-2022-36923Aug 10, 2022
    risk 0.02cvss epss 0.08

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and…

  • CVE-2021-41081Nov 11, 2021
    risk 0.02cvss epss 0.69

    Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search.

  • CVE-2018-18980Nov 6, 2018
    risk 0.02cvss epss 0.25

    An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local…

  • CVE-2021-41080Nov 11, 2021
    risk 0.01cvss epss 0.04

    Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.

  • CVE-2014-3459Aug 7, 2014
    risk 0.01cvss epss 0.12

    Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.

  • CVE-2023-40055Nov 9, 2023
    risk 0.00cvss epss 0.02

    The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227

  • CVE-2023-40054Nov 9, 2023
    risk 0.00cvss epss 0.03

    The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226

  • CVE-2023-33228Nov 1, 2023
    risk 0.00cvss epss 0.00

    The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.

  • CVE-2023-33227Nov 1, 2023
    risk 0.00cvss epss 0.02

    The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges.

  • CVE-2023-33226Nov 1, 2023
    risk 0.00cvss epss 0.02

    The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.

  • CVE-2023-29505Aug 4, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.

  • CVE-2023-23842Jul 26, 2023
    risk 0.00cvss epss 0.03

    The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.

  • CVE-2021-35226Oct 10, 2022
    risk 0.00cvss epss 0.00

    An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

  • CVE-2014-2509Jul 1, 2014
    risk 0.00cvss epss 0.02

    Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie.