Solarwinds Orion Network Performance Monitor — known CVE vulnerabilities
Every CVE whose affected-product data names Solarwinds Orion Network Performance Monitor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2019-8917 — CVSS 9.8 (critical): SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service…
CVE-2020-14005 — CVSS 8.8 (high): Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary…
CVE-2014-9566 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform…
CVE-2020-14007 — CVSS 5.4 (medium): Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.
CVE-2020-14006 — CVSS 5.4 (medium): Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.
CVE-2012-4939 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network…