Filtered by vendor Solarwinds
Subscriptions
Total
260 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2024-08-03 | 8.8 High |
A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | ||||
CVE-2022-36960 | 1 Solarwinds | 1 Orion Platform | 2024-08-03 | 8.8 High |
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | ||||
CVE-2022-36966 | 1 Solarwinds | 1 Orion Platform | 2024-08-03 | 5.4 Medium |
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | ||||
CVE-2022-36958 | 1 Solarwinds | 1 Orion Platform | 2024-08-03 | 8.8 High |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | ||||
CVE-2022-36957 | 1 Solarwinds | 1 Orion Platform | 2024-08-03 | 7.2 High |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 8 High |
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | ||||
CVE-2023-40056 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 8 High |
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | ||||
CVE-2023-40061 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 8.8 High |
Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | ||||
CVE-2023-40053 | 1 Solarwinds | 1 Serv-u | 2024-08-02 | 5 Medium |
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | ||||
CVE-2023-40060 | 1 Solarwinds | 1 Serv-u | 2024-08-02 | 7.2 High |
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | ||||
CVE-2023-35180 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-02 | 8 High |
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API. | ||||
CVE-2023-35179 | 1 Solarwinds | 1 Serv-u | 2024-08-02 | 7.2 High |
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | ||||
CVE-2023-35182 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-02 | 8.8 High |
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server. | ||||
CVE-2023-35186 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-02 | 8 High |
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. | ||||
CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 8 High |
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | ||||
CVE-2023-35184 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-02 | 8.8 High |
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution. | ||||
CVE-2023-35181 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-02 | 7.8 High |
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation. | ||||
CVE-2023-35183 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-02 | 7.8 High |
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. | ||||
CVE-2023-35185 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-02 | 6.8 Medium |
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. | ||||
CVE-2023-35187 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-02 | 8.8 High |
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. |