Filtered by vendor Solarwinds
Subscribe
Total
227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-23478 | 1 Solarwinds | 1 Access Rights Manager | 2024-02-20 | N/A | 8.0 HIGH |
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. | |||||
CVE-2023-40057 | 1 Solarwinds | 1 Access Rights Manager | 2024-02-20 | N/A | 9.0 CRITICAL |
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. | |||||
CVE-2024-23476 | 1 Solarwinds | 1 Access Rights Manager | 2024-02-20 | N/A | 9.6 CRITICAL |
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | |||||
CVE-2024-23477 | 1 Solarwinds | 1 Access Rights Manager | 2024-02-20 | N/A | 9.6 CRITICAL |
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | |||||
CVE-2024-23479 | 1 Solarwinds | 1 Access Rights Manager | 2024-02-20 | N/A | 9.6 CRITICAL |
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | |||||
CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-13 | N/A | 8.8 HIGH |
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | |||||
CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-13 | N/A | 8.8 HIGH |
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | |||||
CVE-2023-40056 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-05 | N/A | 8.8 HIGH |
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | |||||
CVE-2023-40053 | 1 Solarwinds | 1 Serv-u | 2024-02-05 | N/A | 5.0 MEDIUM |
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | |||||
CVE-2023-23840 | 1 Solarwinds | 1 Orion Platform | 2024-02-05 | N/A | 7.2 HIGH |
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
CVE-2023-23845 | 1 Solarwinds | 1 Orion Platform | 2024-02-05 | N/A | 7.2 HIGH |
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
CVE-2023-33225 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-05 | N/A | 7.2 HIGH |
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||
CVE-2023-23844 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-05 | N/A | 7.2 HIGH |
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||
CVE-2023-33231 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-02-05 | N/A | 6.1 MEDIUM |
XSS attack was possible in DPA 2023.2 due to insufficient input validation | |||||
CVE-2023-33224 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-05 | N/A | 7.2 HIGH |
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
CVE-2023-23843 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-05 | N/A | 7.2 HIGH |
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | |||||
CVE-2023-35185 | 1 Solarwinds | 1 Access Rights Manager | 2024-02-05 | N/A | 6.8 MEDIUM |
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. | |||||
CVE-2023-40061 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-05 | N/A | 8.8 HIGH |
Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | |||||
CVE-2023-3622 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-05 | N/A | 4.3 MEDIUM |
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource | |||||
CVE-2023-35179 | 1 Solarwinds | 1 Serv-u | 2024-02-05 | N/A | 7.2 HIGH |
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. |