Filtered by vendor Solarwinds
Subscriptions
Total
290 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38106 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5.4 Medium |
| This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | ||||
| CVE-2022-36966 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 5.4 Medium |
| Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | ||||
| CVE-2022-36965 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 6.1 Medium |
| Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). | ||||
| CVE-2022-36964 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 8.8 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-36962 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 7.2 High |
| SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | ||||
| CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 8.8 High |
| A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | ||||
| CVE-2022-36960 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 8.8 High |
| SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | ||||
| CVE-2022-36958 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 8.8 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-36957 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2021-3154 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 7.5 High |
| An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481. | ||||
| CVE-2021-3109 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 4.8 Medium |
| The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. | ||||
| CVE-2021-35254 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 8.2 High |
| SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. | ||||
| CVE-2021-35252 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 7.5 High |
| Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | ||||
| CVE-2021-35251 | 1 Solarwinds | 1 Web Help Desk | 2024-11-21 | 5.3 Medium |
| Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation. | ||||
| CVE-2021-35250 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 7.5 High |
| A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | ||||
| CVE-2021-35249 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 4.3 Medium |
| This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed. | ||||
| CVE-2021-35248 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-11-21 | 6.8 Medium |
| It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. | ||||
| CVE-2021-35246 | 1 Solarwinds | 1 Engineer\'s Toolset | 2024-11-21 | 5.3 Medium |
| The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. | ||||
| CVE-2021-35245 | 2 Microsoft, Solarwinds | 2 Windows, Serv-u | 2024-11-21 | 8.4 High |
| When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine. | ||||
| CVE-2021-35244 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-11-21 | 6.8 Medium |
| The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution. | ||||