Filtered by vendor Solarwinds
Subscriptions
Total
290 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38107 | 1 Solarwinds | 1 Sql Sentry | 2025-05-08 | 5.3 Medium |
| Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. | ||||
| CVE-2022-38108 | 1 Solarwinds | 1 Orion Platform | 2025-05-08 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-36958 | 1 Solarwinds | 1 Orion Platform | 2025-05-08 | 8.8 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-36966 | 1 Solarwinds | 1 Orion Platform | 2025-05-07 | 5.4 Medium |
| Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | ||||
| CVE-2022-36957 | 1 Solarwinds | 1 Orion Platform | 2025-05-05 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-38113 | 1 Solarwinds | 1 Security Event Manager | 2025-04-25 | 5.3 Medium |
| This vulnerability discloses build and services versions in the server response header. | ||||
| CVE-2022-38114 | 1 Solarwinds | 1 Security Event Manager | 2025-04-25 | 6.1 Medium |
| This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. | ||||
| CVE-2021-35246 | 1 Solarwinds | 1 Engineer\'s Toolset | 2025-04-25 | 5.3 Medium |
| The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. | ||||
| CVE-2022-36962 | 1 Solarwinds | 1 Orion Platform | 2025-04-25 | 7.2 High |
| SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | ||||
| CVE-2022-36964 | 1 Solarwinds | 1 Orion Platform | 2025-04-25 | 8.8 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-38115 | 1 Solarwinds | 1 Security Event Manager | 2025-04-24 | 5.3 Medium |
| Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT | ||||
| CVE-2022-36960 | 1 Solarwinds | 1 Orion Platform | 2025-04-24 | 8.8 High |
| SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | ||||
| CVE-2017-5198 | 1 Solarwinds | 1 Log And Event Manager | 2025-04-20 | N/A |
| SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. | ||||
| CVE-2012-2576 | 1 Solarwinds | 3 Backup Profiler, Storage Manager, Storage Profiler | 2025-04-20 | N/A |
| SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | ||||
| CVE-2017-7647 | 1 Solarwinds | 1 Log \& Event Manager | 2025-04-20 | N/A |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. | ||||
| CVE-2017-9537 | 1 Solarwinds | 1 Network Performance Monitor | 2025-04-20 | N/A |
| Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. | ||||
| CVE-2017-6803 | 1 Solarwinds | 1 Ftp Voyager | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. | ||||
| CVE-2017-7722 | 1 Solarwinds | 1 Log \& Event Manager | 2025-04-20 | N/A |
| In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell. | ||||
| CVE-2017-5199 | 1 Solarwinds | 1 Log And Event Manager | 2025-04-20 | N/A |
| The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | ||||
| CVE-2017-7646 | 1 Solarwinds | 1 Log \& Event Manager | 2025-04-20 | N/A |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | ||||