Filtered by vendor Solarwinds
Subscribe
Total
223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9017 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2023-09-25 | 5.0 MEDIUM | 7.5 HIGH |
| DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name. | |||||
| CVE-2023-23840 | 1 Solarwinds | 1 Orion Platform | 2023-09-15 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
| CVE-2023-23845 | 1 Solarwinds | 1 Orion Platform | 2023-09-15 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
| CVE-2023-40060 | 1 Solarwinds | 1 Serv-u | 2023-09-14 | N/A | 7.2 HIGH |
| A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | |||||
| CVE-2023-35179 | 1 Solarwinds | 1 Serv-u | 2023-09-14 | N/A | 7.2 HIGH |
| A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | |||||
| CVE-2023-3622 | 1 Solarwinds | 1 Solarwinds Platform | 2023-09-14 | N/A | 4.3 MEDIUM |
| Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource | |||||
| CVE-2023-33225 | 1 Solarwinds | 1 Solarwinds Platform | 2023-09-14 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||
| CVE-2023-33229 | 1 Solarwinds | 1 Solarwinds Platform | 2023-09-14 | N/A | 3.5 LOW |
| The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | |||||
| CVE-2023-23842 | 1 Solarwinds | 1 Network Configuration Monitor | 2023-09-14 | N/A | 7.2 HIGH |
| The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-38112 | 1 Solarwinds | 1 Database Performance Analyzer | 2023-09-14 | N/A | 7.5 HIGH |
| In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. | |||||
| CVE-2021-35211 | 1 Solarwinds | 1 Serv-u | 2023-08-08 | 10.0 HIGH | 10.0 CRITICAL |
| Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability. | |||||
| CVE-2023-23839 | 1 Solarwinds | 1 Solarwinds Platform | 2023-08-03 | N/A | 6.5 MEDIUM |
| The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. | |||||
| CVE-2023-23843 | 1 Solarwinds | 1 Solarwinds Platform | 2023-08-03 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-36960 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 8.8 HIGH |
| SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | |||||
| CVE-2022-47507 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2021-35248 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2023-08-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. | |||||
| CVE-2023-23844 | 1 Solarwinds | 1 Solarwinds Platform | 2023-08-03 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||
| CVE-2022-47512 | 2 Microsoft, Solarwinds | 2 Windows, Solarwinds Platform | 2023-08-03 | N/A | 5.5 MEDIUM |
| Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected | |||||
| CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2023-08-03 | N/A | 7.5 HIGH |
| SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.? Part of the URL of the request discloses sensitive data. | |||||
| CVE-2022-47509 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 6.1 MEDIUM |
| The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. | |||||