Filtered by vendor Solarwinds
Subscriptions
Total
269 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-36963 | 1 Solarwinds | 1 Orion Platform | 2024-08-03 | 7.2 High |
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | ||||
CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 8 High |
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | ||||
CVE-2023-40056 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 8 High |
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | ||||
CVE-2023-40061 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 8.8 High |
Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | ||||
CVE-2023-40053 | 1 Solarwinds | 1 Serv-u | 2024-08-02 | 5 Medium |
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | ||||
CVE-2023-40060 | 1 Solarwinds | 1 Serv-u | 2024-08-02 | 7.2 High |
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | ||||
CVE-2023-35179 | 1 Solarwinds | 1 Serv-u | 2024-08-02 | 7.2 High |
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | ||||
CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 8 High |
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | ||||
CVE-2023-35185 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-02 | 6.8 Medium |
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. | ||||
CVE-2023-33225 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 7.2 High |
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | ||||
CVE-2023-33224 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 7.2 High |
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||||
CVE-2023-33229 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 3.5 Low |
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | ||||
CVE-2023-33231 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-08-02 | 6.1 Medium |
XSS attack was possible in DPA 2023.2 due to insufficient input validation | ||||
CVE-2023-23845 | 1 Solarwinds | 1 Orion Platform | 2024-08-02 | 6.8 Medium |
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||||
CVE-2023-23844 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 7.2 High |
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | ||||
CVE-2023-23842 | 1 Solarwinds | 1 Network Configuration Monitor | 2024-08-02 | 7.2 High |
The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | ||||
CVE-2023-23837 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2024-08-02 | 7.5 High |
No exception handling vulnerability which revealed sensitive or excessive information to users. | ||||
CVE-2023-23843 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 7.2 High |
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | ||||
CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2024-08-02 | 7.5 High |
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | ||||
CVE-2023-23838 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2024-08-02 | 6.5 Medium |
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. |