Total
19 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47512 | 2 Microsoft, Solarwinds | 2 Windows, Solarwinds Platform | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected | |||||
| CVE-2022-36965 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 6.1 MEDIUM |
| Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). | |||||
| CVE-2024-45715 | 1 Solarwinds | 1 Solarwinds Platform | 2024-10-30 | N/A | 6.1 MEDIUM |
| The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. | |||||
| CVE-2024-45710 | 1 Solarwinds | 1 Solarwinds Platform | 2024-10-17 | N/A | 7.8 HIGH |
| SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. | |||||
| CVE-2024-28999 | 1 Solarwinds | 1 Solarwinds Platform | 2024-06-06 | N/A | 8.1 HIGH |
| The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. | |||||
| CVE-2024-29004 | 1 Solarwinds | 1 Solarwinds Platform | 2024-06-06 | N/A | 4.8 MEDIUM |
| The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. | |||||
| CVE-2024-28996 | 1 Solarwinds | 1 Solarwinds Platform | 2024-06-06 | N/A | 8.1 HIGH |
| The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. | |||||
| CVE-2023-40056 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 8.8 HIGH |
| SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | |||||
| CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 8.8 HIGH |
| SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | |||||
| CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 8.8 HIGH |
| SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | |||||
| CVE-2023-33229 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 3.5 LOW |
| The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | |||||
| CVE-2023-40061 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 8.8 HIGH |
| Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | |||||
| CVE-2023-23844 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||
| CVE-2023-33225 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||
| CVE-2023-23843 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2023-40062 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 8.8 HIGH |
| SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. | |||||
| CVE-2023-3622 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 4.3 MEDIUM |
| Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource | |||||
| CVE-2023-33224 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
| CVE-2023-23839 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 6.5 MEDIUM |
| The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. | |||||