Skip to main content

Orion Network Performance Monitor

8 CVEs product

Monthly

CVE-2020-14007 MEDIUM POC This Month

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Node.js Orion Network Performance Monitor Orion Web Performance Monitor
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-14006 MEDIUM POC This Month

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Node.js Orion Network Performance Monitor Orion Web Performance Monitor
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-14005 HIGH This Week

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js RCE Orion Network Performance Monitor Orion Web Performance Monitor
NVD GitHub
CVSS 3.1
8.8
EPSS
14.3%
CVE-2019-8917 CRITICAL Act Now

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE Orion Network Performance Monitor
NVD GitHub
CVSS 3.0
9.8
EPSS
36.4%
CVE-2014-9566 HIGH POC THREAT Act Now

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.5%.

SQLi Node.js Orion Ip Address Manager Orion Netflow Traffic Analyzer Orion Network Configuration Manager +5
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
77.5%
Threat
5.3
CVE-2012-4939 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ip Address Manager Web Interface Orion Network Performance Monitor
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.8%
CVE-2012-2602 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Node.js Orion Network Performance Monitor
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
8.7%
CVE-2012-2577 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.7%.

Node.js XSS Orion Network Performance Monitor
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
18.7%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Node.js Orion Network Performance Monitor +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Node.js Orion Network Performance Monitor +1
NVD GitHub
EPSS 14% CVSS 8.8
HIGH This Week

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js RCE Orion Network Performance Monitor +1
NVD GitHub
EPSS 36% CVSS 9.8
CRITICAL Act Now

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE Orion Network Performance Monitor
NVD GitHub
EPSS 78% 5.3 CVSS 7.5
HIGH POC THREAT Act Now

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.5%.

SQLi Node.js Orion Ip Address Manager +7
NVD Exploit-DB GitHub
EPSS 10% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ip Address Manager Web Interface Orion Network Performance Monitor
NVD Exploit-DB
EPSS 9% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Node.js Orion Network Performance Monitor
NVD Exploit-DB
EPSS 19% CVSS 4.3
MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.7%.

Node.js XSS Orion Network Performance Monitor
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy