Solarwinds

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-33225 1Solarwinds 1Solarwinds Platform Nov 21, 2024 Jul 26, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges...Show more The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.Show less
CVE-2023-33224 1Solarwinds 1Solarwinds Platform Nov 21, 2024 Jul 26, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVI...Show more The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.Show less
CVE-2023-23844 1Solarwinds 1Solarwinds Platform Nov 21, 2024 Jul 26, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges...Show more The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.Show less
CVE-2023-23843 1Solarwinds 1Solarwinds Platform Nov 21, 2024 Jul 26, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.
CVE-2023-33231 1Solarwinds 1Database Performance Analyzer Nov 21, 2024 Jul 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 XSS attack was possible in DPA 2023.2 due to insufficient input validation
CVE-2023-23841 1Solarwinds 1Serv U Feb 25, 2026 Jun 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.  Part of the URL of the request discloses sensitive data.
CVE-2023-23839 1Solarwinds 1Solarwinds Platform Nov 21, 2024 Apr 25, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.
CVE-2023-23838 1Solarwinds 1Database Performance Analyzer Feb 4, 2025 Apr 25, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
CVE-2023-23837 1Solarwinds 1Database Performance Analyzer Feb 4, 2025 Apr 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 No exception handling vulnerability which revealed sensitive or excessive information to users.
CVE-2022-47509 1Solarwinds 1Orion Platform Nov 21, 2024 Apr 21, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML....Show more The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. Show less
CVE-2022-47505 1Solarwinds 1Orion Platform Nov 21, 2024 Apr 21, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
CVE-2022-36963 1Solarwinds 1Orion Platform Nov 21, 2024 Apr 21, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.
CVE-2023-23836 1Solarwinds 1Orion Platform Nov 21, 2024 Feb 15, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console...Show more SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. Show less
CVE-2022-47508 1Solarwinds 1Server And Application Monitor Nov 21, 2024 Feb 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.
CVE-2022-47507 1Solarwinds 1Orion Platform Nov 21, 2024 Feb 15, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-47506 1Solarwinds 1Orion Platform Nov 21, 2024 Feb 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arb...Show more SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. Show less
CVE-2022-47504 1Solarwinds 1Orion Platform Nov 21, 2024 Feb 15, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-47503 1Solarwinds 1Orion Platform Nov 21, 2024 Feb 15, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-38111 1Solarwinds 1Orion Platform Nov 21, 2024 Feb 15, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-47012 1Solarwinds 1Dynamips Apr 3, 2025 Jan 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.

Previous 1...567...16 Next