Filtered by vendor Solarwinds Subscriptions
Total 260 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-36961 1 Solarwinds 1 Orion Platform 2024-08-03 8.8 High
A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.
CVE-2022-36960 1 Solarwinds 1 Orion Platform 2024-08-03 8.8 High
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
CVE-2022-36966 1 Solarwinds 1 Orion Platform 2024-08-03 5.4 Medium
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
CVE-2022-36958 1 Solarwinds 1 Orion Platform 2024-08-03 8.8 High
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-36957 1 Solarwinds 1 Orion Platform 2024-08-03 7.2 High
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2023-50395 1 Solarwinds 1 Solarwinds Platform 2024-08-02 8 High
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited
CVE-2023-40056 1 Solarwinds 1 Solarwinds Platform 2024-08-02 8 High
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account.
CVE-2023-40061 1 Solarwinds 1 Solarwinds Platform 2024-08-02 8.8 High
 Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result.
CVE-2023-40053 1 Solarwinds 1 Serv-u 2024-08-02 5 Medium
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.
CVE-2023-40060 1 Solarwinds 1 Serv-u 2024-08-02 7.2 High
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4.  SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. 
CVE-2023-35180 1 Solarwinds 1 Access Rights Manager 2024-08-02 8 High
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.
CVE-2023-35179 1 Solarwinds 1 Serv-u 2024-08-02 7.2 High
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 
CVE-2023-35182 1 Solarwinds 1 Access Rights Manager 2024-08-02 8.8 High
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.
CVE-2023-35186 1 Solarwinds 1 Access Rights Manager 2024-08-02 8 High
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.
CVE-2023-35188 1 Solarwinds 1 Solarwinds Platform 2024-08-02 8 High
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited.
CVE-2023-35184 1 Solarwinds 1 Access Rights Manager 2024-08-02 8.8 High
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution.
CVE-2023-35181 1 Solarwinds 1 Access Rights Manager 2024-08-02 7.8 High
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.
CVE-2023-35183 1 Solarwinds 1 Access Rights Manager 2024-08-02 7.8 High
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.
CVE-2023-35185 1 Solarwinds 1 Access Rights Manager 2024-08-02 6.8 Medium
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.
CVE-2023-35187 1 Solarwinds 1 Access Rights Manager 2024-08-02 8.8 High
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution.