Filtered by vendor Solarwinds
Subscribe
Total
249 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2023-12-10 | N/A | 7.5 HIGH |
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.? Part of the URL of the request discloses sensitive data. | |||||
CVE-2022-47509 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 6.1 MEDIUM |
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. | |||||
CVE-2023-23837 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2023-12-10 | N/A | 7.5 HIGH |
No exception handling vulnerability which revealed sensitive or excessive information to users. | |||||
CVE-2022-47505 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 7.8 HIGH |
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | |||||
CVE-2022-36963 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 7.2 HIGH |
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | |||||
CVE-2023-23838 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2023-12-10 | N/A | 6.5 MEDIUM |
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | |||||
CVE-2022-36960 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 8.8 HIGH |
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | |||||
CVE-2022-47012 | 1 Solarwinds | 1 Dynamips | 2023-12-10 | N/A | 7.5 HIGH |
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21. | |||||
CVE-2021-35252 | 1 Solarwinds | 1 Serv-u | 2023-12-10 | N/A | 7.5 HIGH |
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | |||||
CVE-2022-47507 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-47508 | 1 Solarwinds | 1 Server And Application Monitor | 2023-12-10 | N/A | 7.5 HIGH |
Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos. | |||||
CVE-2022-47512 | 2 Microsoft, Solarwinds | 2 Windows, Solarwinds Platform | 2023-12-10 | N/A | 5.5 MEDIUM |
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected | |||||
CVE-2022-36962 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | |||||
CVE-2022-38106 | 1 Solarwinds | 1 Serv-u | 2023-12-10 | N/A | 5.4 MEDIUM |
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | |||||
CVE-2021-35246 | 1 Solarwinds | 1 Engineer\'s Toolset | 2023-12-10 | N/A | 5.3 MEDIUM |
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. | |||||
CVE-2022-38115 | 1 Solarwinds | 1 Security Event Manager | 2023-12-10 | N/A | 5.3 MEDIUM |
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT | |||||
CVE-2022-38110 | 1 Solarwinds | 1 Database Performance Analyzer | 2023-12-10 | N/A | 5.4 MEDIUM |
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | |||||
CVE-2022-47506 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 7.8 HIGH |
SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. | |||||
CVE-2022-47503 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-47504 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. |