Filtered by vendor Solarwinds
Subscribe
Total
289 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47507 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-47506 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 7.8 HIGH |
| SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. | |||||
| CVE-2023-23844 | 1 Solarwinds | 1 Solarwinds Platform | 2023-08-03 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||
| CVE-2023-33224 | 1 Solarwinds | 1 Solarwinds Platform | 2023-08-03 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
| CVE-2021-35246 | 1 Solarwinds | 1 Engineer\'s Toolset | 2023-08-03 | N/A | 5.3 MEDIUM |
| The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. | |||||
| CVE-2023-23839 | 1 Solarwinds | 1 Solarwinds Platform | 2023-08-03 | N/A | 6.5 MEDIUM |
| The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. | |||||
| CVE-2023-33231 | 1 Solarwinds | 1 Database Performance Analyzer | 2023-08-03 | N/A | 6.1 MEDIUM |
| XSS attack was possible in DPA 2023.2 due to insufficient input validation | |||||
| CVE-2021-35226 | 1 Solarwinds | 1 Network Configuration Manager | 2023-08-03 | N/A | 6.5 MEDIUM |
| An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. | |||||
| CVE-2022-38114 | 1 Solarwinds | 1 Security Event Manager | 2023-08-03 | N/A | 6.1 MEDIUM |
| This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. | |||||
| CVE-2023-23843 | 1 Solarwinds | 1 Solarwinds Platform | 2023-08-03 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-47503 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-47504 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-38115 | 1 Solarwinds | 1 Security Event Manager | 2023-08-03 | N/A | 5.3 MEDIUM |
| Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT | |||||
| CVE-2022-38106 | 1 Solarwinds | 1 Serv-u | 2023-08-03 | N/A | 5.4 MEDIUM |
| This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | |||||
| CVE-2022-38113 | 1 Solarwinds | 1 Security Event Manager | 2023-08-03 | N/A | 5.3 MEDIUM |
| This vulnerability discloses build and services versions in the server response header. | |||||
| CVE-2022-38110 | 1 Solarwinds | 1 Database Performance Analyzer | 2023-08-03 | N/A | 5.4 MEDIUM |
| In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | |||||
| CVE-2022-36963 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | |||||
| CVE-2021-35252 | 1 Solarwinds | 1 Serv-u | 2023-08-03 | N/A | 7.5 HIGH |
| Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | |||||
| CVE-2021-35254 | 1 Solarwinds | 1 Webhelpdesk | 2023-06-26 | 6.5 MEDIUM | 8.8 HIGH |
| SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. | |||||
| CVE-2022-47508 | 1 Solarwinds | 1 Server And Application Monitor | 2023-02-24 | N/A | 7.5 HIGH |
| Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos. | |||||