Filtered by vendor Solarwinds
Subscriptions
Total
269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35235 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-09-17 | 5.3 Medium |
| The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent. | ||||
| CVE-2021-35232 | 1 Solarwinds | 1 Webhelpdesk | 2024-09-17 | 6.8 Medium |
| Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. | ||||
| CVE-2024-28991 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-17 | 9 Critical |
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. | ||||
| CVE-2012-4939 | 1 Solarwinds | 2 Ip Address Manager Web Interface, Orion Network Performance Monitor | 2024-09-17 | N/A |
| Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field. | ||||
| CVE-2021-35247 | 1 Solarwinds | 1 Serv-u | 2024-09-17 | 4.3 Medium |
| Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U. | ||||
| CVE-2022-36960 | 1 Solarwinds | 1 Orion Platform | 2024-09-17 | 8.8 High |
| SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | ||||
| CVE-2002-2393 | 1 Solarwinds | 1 Serv-u File Server | 2024-09-17 | N/A |
| Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands. | ||||
| CVE-2021-35245 | 2 Microsoft, Solarwinds | 2 Windows, Serv-u | 2024-09-17 | 8.4 High |
| When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine. | ||||
| CVE-2022-38108 | 1 Solarwinds | 1 Orion Platform | 2024-09-17 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2021-32076 | 1 Solarwinds | 1 Web Help Desk | 2024-09-17 | 5.3 Medium |
| Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback. | ||||
| CVE-2017-7722 | 1 Solarwinds | 1 Log \& Event Manager | 2024-09-17 | N/A |
| In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell. | ||||
| CVE-2022-36962 | 1 Solarwinds | 1 Orion Platform | 2024-09-17 | 7.2 High |
| SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | ||||
| CVE-2017-7646 | 1 Solarwinds | 1 Log \& Event Manager | 2024-09-17 | N/A |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | ||||
| CVE-2022-38107 | 1 Solarwinds | 1 Sql Sentry | 2024-09-17 | 5.3 Medium |
| Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. | ||||
| CVE-2021-35250 | 1 Solarwinds | 1 Serv-u | 2024-09-17 | 7.5 High |
| A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | ||||
| CVE-2021-35225 | 1 Solarwinds | 1 Network Performance Monitor | 2024-09-17 | 5 Medium |
| Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination. | ||||
| CVE-2021-35228 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-09-16 | 5.5 Medium |
| This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim. | ||||
| CVE-2015-7839 | 1 Solarwinds | 1 Log And Event Manager | 2024-09-16 | N/A |
| SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality. | ||||
| CVE-2017-7647 | 1 Solarwinds | 1 Log \& Event Manager | 2024-09-16 | N/A |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. | ||||
| CVE-2022-36957 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||