Vulnerabilities (CVE)

Filtered by vendor Solarwinds Subscribe
Total 274 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23465 1 Solarwinds 1 Access Rights Manager 2024-11-21 N/A 8.3 HIGH
The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.  
CVE-2023-50395 1 Solarwinds 1 Solarwinds Platform 2024-11-21 N/A 8.0 HIGH
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited
CVE-2023-40062 1 Solarwinds 1 Solarwinds Platform 2024-11-21 N/A 8.0 HIGH
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.
CVE-2023-40061 1 Solarwinds 1 Solarwinds Platform 2024-11-21 N/A 8.8 HIGH
 Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result.
CVE-2023-40060 1 Solarwinds 1 Serv-u 2024-11-21 N/A 7.2 HIGH
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4.  SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. 
CVE-2023-40058 1 Solarwinds 1 Access Rights Manager 2024-11-21 N/A 6.5 MEDIUM
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.
CVE-2023-40057 1 Solarwinds 1 Access Rights Manager 2024-11-21 N/A 9.0 CRITICAL
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.
CVE-2023-40056 1 Solarwinds 1 Solarwinds Platform 2024-11-21 N/A 8.0 HIGH
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account.
CVE-2023-40055 1 Solarwinds 1 Network Configuration Manager 2024-11-21 N/A 8.0 HIGH
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227
CVE-2023-40054 1 Solarwinds 1 Network Configuration Manager 2024-11-21 N/A 8.0 HIGH
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226
CVE-2023-40053 1 Solarwinds 1 Serv-u 2024-11-21 N/A 5.0 MEDIUM
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.
CVE-2023-3622 1 Solarwinds 1 Solarwinds Platform 2024-11-21 N/A 4.3 MEDIUM
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource
CVE-2023-35188 1 Solarwinds 1 Solarwinds Platform 2024-11-21 N/A 8.0 HIGH
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited.
CVE-2023-35187 1 Solarwinds 1 Access Rights Manager 2024-11-21 N/A 8.8 HIGH
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution.
CVE-2023-35186 1 Solarwinds 1 Access Rights Manager 2024-11-21 N/A 8.0 HIGH
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.
CVE-2023-35185 1 Solarwinds 1 Access Rights Manager 2024-11-21 N/A 6.8 MEDIUM
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.
CVE-2023-35184 1 Solarwinds 1 Access Rights Manager 2024-11-21 N/A 8.8 HIGH
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution.
CVE-2023-35183 1 Solarwinds 1 Access Rights Manager 2024-11-21 N/A 7.8 HIGH
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.
CVE-2023-35182 1 Solarwinds 1 Access Rights Manager 2024-11-21 N/A 8.8 HIGH
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.
CVE-2023-35181 1 Solarwinds 1 Access Rights Manager 2024-11-21 N/A 7.8 HIGH
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.