Filtered by vendor Solarwinds
Subscriptions
Total
304 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29003 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | 7.5 High |
| The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction. | ||||
| CVE-2024-29001 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | 7.5 High |
| A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited. | ||||
| CVE-2024-28076 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | 7 High |
| The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format | ||||
| CVE-2024-28073 | 1 Solarwinds | 1 Serv-u | 2025-02-10 | 8.4 High |
| SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | ||||
| CVE-2024-45717 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-06 | 7 High |
| The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. | ||||
| CVE-2022-36963 | 1 Solarwinds | 1 Orion Platform | 2025-02-05 | 7.2 High |
| The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | ||||
| CVE-2022-47505 | 1 Solarwinds | 1 Orion Platform | 2025-02-05 | 7.8 High |
| The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | ||||
| CVE-2022-47509 | 1 Solarwinds | 1 Orion Platform | 2025-02-04 | 6.1 Medium |
| The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. | ||||
| CVE-2023-23838 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2025-02-04 | 6.5 Medium |
| Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | ||||
| CVE-2023-23837 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2025-02-04 | 7.5 High |
| No exception handling vulnerability which revealed sensitive or excessive information to users. | ||||
| CVE-2023-23839 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-04 | 6.5 Medium |
| The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. | ||||
| CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2024-12-12 | 7.5 High |
| SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | ||||
| CVE-2024-29004 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 7.1 High |
| The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. | ||||
| CVE-2024-28999 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 6.4 Medium |
| The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. | ||||
| CVE-2024-28996 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 7.5 High |
| The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. | ||||
| CVE-2024-28993 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 7.6 High |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | ||||
| CVE-2024-28992 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 7.6 High |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | ||||
| CVE-2024-28074 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
| It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability. | ||||
| CVE-2024-23479 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | ||||
| CVE-2024-23478 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 8 High |
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. | ||||