Storage Manager
by SolarWinds
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2576 | Cri | 0.71 | 9.8 | 0.59 | Dec 20, 2017 | SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | ||
| CVE-2015-5371 | 0.10 | — | 0.93 | Jul 6, 2015 | The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors. | |||
| CVE-2022-27836 | 0.00 | — | 0.00 | Apr 11, 2022 | Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary… | |||
| CVE-2021-32522 | 0.00 | — | 0.01 | Jul 7, 2021 | Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN… | |||
| CVE-2020-5684 | 0.00 | — | 0.00 | Dec 24, 2020 | iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted… | |||
| CVE-2015-7838 | 0.00 | — | 0.05 | Oct 15, 2015 | ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors. |
- risk 0.71cvss 9.8epss 0.59
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.
- CVE-2015-5371Jul 6, 2015risk 0.10cvss —epss 0.93
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.
- CVE-2022-27836Apr 11, 2022risk 0.00cvss —epss 0.00
Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary…
- CVE-2021-32522Jul 7, 2021risk 0.00cvss —epss 0.01
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN…
- CVE-2020-5684Dec 24, 2020risk 0.00cvss —epss 0.00
iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted…
- CVE-2015-7838Oct 15, 2015risk 0.00cvss —epss 0.05
ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors.