Vulnerabilities (CVE)

Filtered by vendor Solarwinds Subscribe
Total 274 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-36963 1 Solarwinds 1 Orion Platform 2024-02-28 N/A 7.2 HIGH
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.
CVE-2022-47504 1 Solarwinds 1 Orion Platform 2024-02-28 N/A 7.2 HIGH
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-36962 1 Solarwinds 1 Orion Platform 2024-02-28 N/A 7.2 HIGH
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
CVE-2022-38112 1 Solarwinds 1 Database Performance Analyzer 2024-02-28 N/A 7.5 HIGH
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
CVE-2022-38113 1 Solarwinds 1 Security Event Manager 2024-02-28 N/A 5.3 MEDIUM
This vulnerability discloses build and services versions in the server response header.
CVE-2022-47507 1 Solarwinds 1 Orion Platform 2024-02-28 N/A 7.2 HIGH
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-38111 1 Solarwinds 1 Orion Platform 2024-02-28 N/A 7.2 HIGH
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-47506 1 Solarwinds 1 Orion Platform 2024-02-28 N/A 7.8 HIGH
SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.
CVE-2022-38106 1 Solarwinds 1 Serv-u 2024-02-28 N/A 5.4 MEDIUM
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.
CVE-2022-47508 1 Solarwinds 1 Server And Application Monitor 2024-02-28 N/A 7.5 HIGH
Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.
CVE-2022-38115 1 Solarwinds 1 Security Event Manager 2024-02-28 N/A 5.3 MEDIUM
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT
CVE-2022-47503 1 Solarwinds 1 Orion Platform 2024-02-28 N/A 7.2 HIGH
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2023-23836 1 Solarwinds 1 Orion Platform 2024-02-28 N/A 7.2 HIGH
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.
CVE-2022-36964 1 Solarwinds 1 Orion Platform 2024-02-28 N/A 8.8 HIGH
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-38114 1 Solarwinds 1 Security Event Manager 2024-02-28 N/A 6.1 MEDIUM
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
CVE-2022-38110 1 Solarwinds 1 Database Performance Analyzer 2024-02-28 N/A 5.4 MEDIUM
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
CVE-2021-35246 1 Solarwinds 1 Engineer\'s Toolset 2024-02-28 N/A 5.3 MEDIUM
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.
CVE-2021-35252 1 Solarwinds 1 Serv-u 2024-02-28 N/A 7.5 HIGH
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.
CVE-2022-47012 1 Solarwinds 1 Dynamips 2024-02-28 N/A 7.5 HIGH
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.
CVE-2022-38108 1 Solarwinds 1 Orion Platform 2024-02-28 N/A 7.2 HIGH
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.