Filtered by vendor Solarwinds
Subscribe
Total
289 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40062 | 1 Solarwinds | 1 Solarwinds Platform | 2023-11-09 | N/A | 8.8 HIGH |
| SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. | |||||
| CVE-2023-33228 | 1 Solarwinds | 1 Network Configuration Manager | 2023-11-09 | N/A | 4.9 MEDIUM |
| The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information. | |||||
| CVE-2023-33227 | 1 Solarwinds | 1 Network Configuration Manager | 2023-11-09 | N/A | 8.8 HIGH |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges. | |||||
| CVE-2023-33226 | 1 Solarwinds | 1 Network Configuration Manager | 2023-11-09 | N/A | 8.8 HIGH |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. | |||||
| CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2023-11-07 | N/A | 7.5 HIGH |
| SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.? Part of the URL of the request discloses sensitive data. | |||||
| CVE-2019-20002 | 1 Solarwinds | 1 Webhelpdesk | 2023-11-07 | 6.0 MEDIUM | 7.8 HIGH |
| Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | |||||
| CVE-2019-12769 | 1 Solarwinds | 1 Serv-u Managed File Transfer | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters. | |||||
| CVE-2023-23842 | 1 Solarwinds | 1 Network Configuration Monitor | 2023-10-30 | N/A | 7.2 HIGH |
| The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2023-33229 | 1 Solarwinds | 1 Solarwinds Platform | 2023-10-30 | N/A | 3.5 LOW |
| The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | |||||
| CVE-2023-35187 | 1 Solarwinds | 1 Access Rights Manager | 2023-10-25 | N/A | 9.8 CRITICAL |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | |||||
| CVE-2023-35186 | 1 Solarwinds | 1 Access Rights Manager | 2023-10-25 | N/A | 8.8 HIGH |
| The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. | |||||
| CVE-2023-35184 | 1 Solarwinds | 1 Access Rights Manager | 2023-10-25 | N/A | 9.8 CRITICAL |
| The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution. | |||||
| CVE-2023-35183 | 1 Solarwinds | 1 Access Rights Manager | 2023-10-25 | N/A | 7.8 HIGH |
| The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. | |||||
| CVE-2023-35182 | 1 Solarwinds | 1 Access Rights Manager | 2023-10-25 | N/A | 9.8 CRITICAL |
| The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server. | |||||
| CVE-2023-35181 | 1 Solarwinds | 1 Access Rights Manager | 2023-10-25 | N/A | 7.8 HIGH |
| The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation. | |||||
| CVE-2023-35180 | 1 Solarwinds | 1 Access Rights Manager | 2023-10-25 | N/A | 8.8 HIGH |
| The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API. | |||||
| CVE-2023-35179 | 1 Solarwinds | 1 Serv-u | 2023-08-17 | N/A | 7.2 HIGH |
| A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | |||||
| CVE-2022-47509 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 6.1 MEDIUM |
| The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. | |||||
| CVE-2022-47505 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 7.8 HIGH |
| The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | |||||
| CVE-2023-23836 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 7.2 HIGH |
| SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. | |||||