Filtered by vendor Solarwinds
Total: 249 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-23836 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 7.2 HIGH |
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-36964 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 8.8 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-38111 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-38112 | 1 Solarwinds | 1 Database Performance Analyzer | 2023-12-10 | N/A | 7.5 HIGH |
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. | |||||
CVE-2022-38114 | 1 Solarwinds | 1 Security Event Manager | 2023-12-10 | N/A | 6.1 MEDIUM |
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. | |||||
CVE-2022-38113 | 1 Solarwinds | 1 Security Event Manager | 2023-12-10 | N/A | 5.3 MEDIUM |
This vulnerability discloses build and services versions in the server response header. | |||||
CVE-2022-36966 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 5.4 MEDIUM |
Users with Node Management rights were able to view and edit all nodes due to insufficient control of a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | |||||
CVE-2022-36965 | 1 Solarwinds | 1 Solarwinds Platform | 2023-12-10 | N/A | 6.1 MEDIUM |
Insufficient sanitization of inputs in the QoE application input field could lead to stored and DOM-based XSS attacks. This issue is fixed and released in SolarWinds Platform (2022.3.0). | |||||
CVE-2022-38107 | 1 Solarwinds | 1 Sql Sentry | 2023-12-10 | N/A | 5.3 MEDIUM |
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. | |||||
CVE-2022-38108 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-36957 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2021-35226 | 1 Solarwinds | 1 Network Configuration Manager | 2023-12-10 | N/A | 6.5 MEDIUM |
An entity in the Network Configuration Manager product is misconfigured and exposes the password field to SolarWinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. | |||||
CVE-2022-36958 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 8.8 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2023-12-10 | N/A | 8.8 HIGH |
A component of Orion Platform was vulnerable to SQL Injection; an authenticated attacker could leverage this for privilege escalation or remote code execution. | |||||
CVE-2021-35249 | 1 Solarwinds | 1 Serv-u | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed. | |||||
CVE-2021-35250 | 1 Solarwinds | 1 Serv-u | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | |||||
CVE-2021-35251 | 1 Solarwinds | 1 Web Help Desk | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation. | |||||
CVE-2021-35229 | 1 Solarwinds | 2 Database Performance Analyzer, Database Performance Monitor | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query. | |||||
CVE-2021-35254 | 1 Solarwinds | 1 Webhelpdesk | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. | |||||
CVE-2021-35233 | 1 Solarwinds | 1 Kiwi Syslog Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning the exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. |