Filtered by vendor Solarwinds
Subscribe
Total
290 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47506 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.8 HIGH |
| SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. | |||||
| CVE-2022-47505 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.8 HIGH |
| The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | |||||
| CVE-2022-47504 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-47503 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-38115 | 1 Solarwinds | 1 Security Event Manager | 2024-11-21 | N/A | 5.3 MEDIUM |
| Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT | |||||
| CVE-2022-38114 | 1 Solarwinds | 1 Security Event Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
| This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. | |||||
| CVE-2022-38113 | 1 Solarwinds | 1 Security Event Manager | 2024-11-21 | N/A | 5.3 MEDIUM |
| This vulnerability discloses build and services versions in the server response header. | |||||
| CVE-2022-38112 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | N/A | 7.5 HIGH |
| In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. | |||||
| CVE-2022-38111 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-38110 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | N/A | 5.4 MEDIUM |
| In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | |||||
| CVE-2022-38108 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-38107 | 1 Solarwinds | 1 Sql Sentry | 2024-11-21 | N/A | 5.3 MEDIUM |
| Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. | |||||
| CVE-2022-38106 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | N/A | 5.4 MEDIUM |
| This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | |||||
| CVE-2022-36966 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 5.4 MEDIUM |
| Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | |||||
| CVE-2022-36965 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 6.1 MEDIUM |
| Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). | |||||
| CVE-2022-36964 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 8.8 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-36963 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | |||||
| CVE-2022-36962 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | |||||
| CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | |||||
| CVE-2022-36960 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 8.8 HIGH |
| SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | |||||