Filtered by vendor Solarwinds
Subscribe
Total
274 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36963 | 1 Solarwinds | 1 Orion Platform | 2024-02-28 | N/A | 7.2 HIGH |
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | |||||
CVE-2022-47504 | 1 Solarwinds | 1 Orion Platform | 2024-02-28 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-36962 | 1 Solarwinds | 1 Orion Platform | 2024-02-28 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | |||||
CVE-2022-38112 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-02-28 | N/A | 7.5 HIGH |
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. | |||||
CVE-2022-38113 | 1 Solarwinds | 1 Security Event Manager | 2024-02-28 | N/A | 5.3 MEDIUM |
This vulnerability discloses build and services versions in the server response header. | |||||
CVE-2022-47507 | 1 Solarwinds | 1 Orion Platform | 2024-02-28 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-38111 | 1 Solarwinds | 1 Orion Platform | 2024-02-28 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-47506 | 1 Solarwinds | 1 Orion Platform | 2024-02-28 | N/A | 7.8 HIGH |
SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. | |||||
CVE-2022-38106 | 1 Solarwinds | 1 Serv-u | 2024-02-28 | N/A | 5.4 MEDIUM |
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | |||||
CVE-2022-47508 | 1 Solarwinds | 1 Server And Application Monitor | 2024-02-28 | N/A | 7.5 HIGH |
Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos. | |||||
CVE-2022-38115 | 1 Solarwinds | 1 Security Event Manager | 2024-02-28 | N/A | 5.3 MEDIUM |
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT | |||||
CVE-2022-47503 | 1 Solarwinds | 1 Orion Platform | 2024-02-28 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2023-23836 | 1 Solarwinds | 1 Orion Platform | 2024-02-28 | N/A | 7.2 HIGH |
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-36964 | 1 Solarwinds | 1 Orion Platform | 2024-02-28 | N/A | 8.8 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2022-38114 | 1 Solarwinds | 1 Security Event Manager | 2024-02-28 | N/A | 6.1 MEDIUM |
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. | |||||
CVE-2022-38110 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-02-28 | N/A | 5.4 MEDIUM |
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | |||||
CVE-2021-35246 | 1 Solarwinds | 1 Engineer\'s Toolset | 2024-02-28 | N/A | 5.3 MEDIUM |
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. | |||||
CVE-2021-35252 | 1 Solarwinds | 1 Serv-u | 2024-02-28 | N/A | 7.5 HIGH |
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | |||||
CVE-2022-47012 | 1 Solarwinds | 1 Dynamips | 2024-02-28 | N/A | 7.5 HIGH |
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21. | |||||
CVE-2022-38108 | 1 Solarwinds | 1 Orion Platform | 2024-02-28 | N/A | 7.2 HIGH |
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. |