Filtered by vendor Solarwinds
Subscribe
Total
269 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-35232 | 1 Solarwinds | 1 Webhelpdesk | 2024-09-17 | 3.6 LOW | 6.1 MEDIUM |
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. | |||||
CVE-2022-36960 | 1 Solarwinds | 1 Orion Platform | 2024-09-17 | N/A | 8.8 HIGH |
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | |||||
CVE-2022-38107 | 1 Solarwinds | 1 Sql Sentry | 2024-09-17 | N/A | 5.3 MEDIUM |
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. | |||||
CVE-2021-35250 | 1 Solarwinds | 1 Serv-u | 2024-09-17 | 5.0 MEDIUM | 7.5 HIGH |
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | |||||
CVE-2021-35237 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-09-16 | 4.3 MEDIUM | 4.3 MEDIUM |
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server. | |||||
CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | N/A | 8.8 HIGH |
A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | |||||
CVE-2021-35248 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-09-16 | 4.0 MEDIUM | 4.3 MEDIUM |
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. | |||||
CVE-2022-47512 | 2 Microsoft, Solarwinds | 2 Windows, Solarwinds Platform | 2024-09-16 | N/A | 5.5 MEDIUM |
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected | |||||
CVE-2022-36966 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | N/A | 5.4 MEDIUM |
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | |||||
CVE-2021-35234 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 6.5 MEDIUM | 8.8 HIGH |
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information. | |||||
CVE-2022-36965 | 1 Solarwinds | 1 Solarwinds Platform | 2024-09-16 | N/A | 6.1 MEDIUM |
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). | |||||
CVE-2024-28991 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-16 | N/A | 8.8 HIGH |
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. | |||||
CVE-2024-28990 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-16 | N/A | 9.8 CRITICAL |
SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | |||||
CVE-2024-23470 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-11 | N/A | 9.8 CRITICAL |
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables. | |||||
CVE-2024-23465 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-10 | N/A | 9.8 CRITICAL |
The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment. | |||||
CVE-2024-28074 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-10 | N/A | 9.8 CRITICAL |
It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability. | |||||
CVE-2024-23475 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-10 | N/A | 9.8 CRITICAL |
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | |||||
CVE-2024-23474 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-10 | N/A | 9.8 CRITICAL |
The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability. | |||||
CVE-2024-23471 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-10 | N/A | 9.8 CRITICAL |
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. | |||||
CVE-2024-23469 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-10 | N/A | 9.8 CRITICAL |
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. |