VYPR

Storage Manager

by SolarWinds

CVEs (6)

  • CVE-2012-2576CriDec 20, 2017
    risk 0.71cvss 9.8epss 0.59

    SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.

  • CVE-2015-5371Jul 6, 2015
    risk 0.10cvss epss 0.93

    The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.

  • CVE-2022-27836Apr 11, 2022
    risk 0.00cvss epss 0.00

    Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary…

  • CVE-2021-32522Jul 7, 2021
    risk 0.00cvss epss 0.01

    Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN…

  • CVE-2020-5684Dec 24, 2020
    risk 0.00cvss epss 0.00

    iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted…

  • CVE-2015-7838Oct 15, 2015
    risk 0.00cvss epss 0.05

    ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors.