Filtered by vendor Solarwinds
Subscribe
Total
304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23468 | 1 Solarwinds | 1 Access Rights Manager | 2025-02-26 | N/A | 7.6 HIGH |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | |||||
| CVE-2024-23467 | 1 Solarwinds | 1 Access Rights Manager | 2025-02-26 | N/A | 9.6 CRITICAL |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution. | |||||
| CVE-2024-23466 | 1 Solarwinds | 1 Access Rights Manager | 2025-02-26 | N/A | 9.6 CRITICAL |
| SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. | |||||
| CVE-2024-23465 | 1 Solarwinds | 1 Access Rights Manager | 2025-02-26 | N/A | 8.3 HIGH |
| The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment. | |||||
| CVE-2024-0692 | 1 Solarwinds | 1 Security Event Manager | 2025-02-26 | N/A | 8.8 HIGH |
| The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. | |||||
| CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-26 | N/A | 8.0 HIGH |
| SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | |||||
| CVE-2023-40061 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-26 | N/A | 8.8 HIGH |
| Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | |||||
| CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-26 | N/A | 8.0 HIGH |
| SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | |||||
| CVE-2023-35185 | 1 Solarwinds | 1 Access Rights Manager | 2025-02-26 | N/A | 6.8 MEDIUM |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. | |||||
| CVE-2024-28989 | 1 Solarwinds | 1 Web Help Desk | 2025-02-25 | N/A | 5.5 MEDIUM |
| SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. | |||||
| CVE-2024-52606 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-25 | N/A | 3.5 LOW |
| SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request. | |||||
| CVE-2024-52611 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-25 | N/A | 3.5 LOW |
| The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions. | |||||
| CVE-2024-52612 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-25 | N/A | 6.8 MEDIUM |
| SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable. | |||||
| CVE-2024-45709 | 1 Solarwinds | 1 Web Help Desk | 2025-02-25 | N/A | 5.3 MEDIUM |
| SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited. | |||||
| CVE-2024-45713 | 1 Solarwinds | 1 Kiwi Cattools | 2025-02-25 | N/A | 5.1 MEDIUM |
| SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. | |||||
| CVE-2024-28072 | 1 Solarwinds | 1 Serv-u | 2025-02-25 | N/A | 5.7 MEDIUM |
| A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | |||||
| CVE-2024-23473 | 1 Solarwinds | 1 Access Rights Manager | 2025-02-10 | N/A | 8.6 HIGH |
| The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | |||||
| CVE-2024-28073 | 1 Solarwinds | 1 Serv-u | 2025-02-10 | N/A | 8.4 HIGH |
| SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | |||||
| CVE-2024-45717 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-06 | N/A | 7.0 HIGH |
| The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. | |||||
| CVE-2023-23838 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2025-02-04 | N/A | 6.5 MEDIUM |
| Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | |||||