Solarwinds Network Performance Monitor — known CVE vulnerabilities
Every CVE whose affected-product data names Solarwinds Network Performance Monitor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2021-31474 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor…
CVE-2018-13442 — CVSS 8.8 (high): SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts…
CVE-2020-27869 — CVSS 8.8 (high): This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020…
CVE-2019-12864 — CVSS 5.5 (medium): SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling…
CVE-2021-35225 — CVSS 5.0 (medium): Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all…
CVE-2017-9538 — CVSS 4.9 (medium): The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to…
CVE-2019-12863 — CVSS 4.8 (medium): SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings…
CVE-2017-9537 — CVSS 4.8 (medium): Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows…