ReportizFlow
Filtered by vendor Solarwinds
Subscriptions
Total
290 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7646 | 1 Solarwinds | 1 Log \& Event Manager | 2024-11-21 | N/A |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | ||||
| CVE-2017-6803 | 1 Solarwinds | 1 Ftp Voyager | 2024-11-21 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. | ||||
| CVE-2017-5199 | 1 Solarwinds | 1 Log And Event Manager | 2024-11-21 | N/A |
| The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | ||||
| CVE-2017-5198 | 1 Solarwinds | 1 Log And Event Manager | 2024-11-21 | N/A |
| SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. | ||||
| CVE-2012-2576 | 1 Solarwinds | 3 Backup Profiler, Storage Manager, Storage Profiler | 2024-11-21 | N/A |
| SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | ||||
| CVE-2024-45715 | 1 Solarwinds | 1 Solarwinds Platform | 2024-10-30 | 7.1 High |
| The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. | ||||
| CVE-2024-45714 | 1 Solarwinds | 1 Serv-u | 2024-10-30 | 4.8 Medium |
| Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | ||||
| CVE-2024-45711 | 1 Solarwinds | 1 Serv-u | 2024-10-17 | 7.5 High |
| SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability | ||||
| CVE-2024-28991 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-17 | 9 Critical |
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. | ||||
| CVE-2024-28990 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-16 | 6.3 Medium |
| SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | ||||