Filtered by vendor Solarwinds
Subscriptions
Total
290 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35179 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 7.2 High |
| A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | ||||
| CVE-2023-33231 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | 6.1 Medium |
| XSS attack was possible in DPA 2023.2 due to insufficient input validation | ||||
| CVE-2023-33229 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 3.5 Low |
| The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | ||||
| CVE-2023-33228 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | 4.5 Medium |
| The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information. | ||||
| CVE-2023-33227 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | 8 High |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges. | ||||
| CVE-2023-33226 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | 8 High |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. | ||||
| CVE-2023-33225 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 7.2 High |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | ||||
| CVE-2023-33224 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 7.2 High |
| The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||||
| CVE-2023-23844 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 7.2 High |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | ||||
| CVE-2023-23843 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 7.2 High |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2023-23842 | 1 Solarwinds | 1 Network Configuration Monitor | 2024-11-21 | 7.2 High |
| The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-47512 | 2 Microsoft, Solarwinds | 2 Windows, Solarwinds Platform | 2024-11-21 | 5.5 Medium |
| Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected | ||||
| CVE-2022-47012 | 1 Solarwinds | 1 Dynamips | 2024-11-21 | 7.5 High |
| Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21. | ||||
| CVE-2022-38115 | 1 Solarwinds | 1 Security Event Manager | 2024-11-21 | 5.3 Medium |
| Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT | ||||
| CVE-2022-38114 | 1 Solarwinds | 1 Security Event Manager | 2024-11-21 | 6.1 Medium |
| This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. | ||||
| CVE-2022-38113 | 1 Solarwinds | 1 Security Event Manager | 2024-11-21 | 5.3 Medium |
| This vulnerability discloses build and services versions in the server response header. | ||||
| CVE-2022-38112 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | 7.5 High |
| In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. | ||||
| CVE-2022-38110 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | 5.4 Medium |
| In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | ||||
| CVE-2022-38108 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-38107 | 1 Solarwinds | 1 Sql Sentry | 2024-11-21 | 5.3 Medium |
| Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. | ||||