Filtered by vendor Solarwinds
Subscriptions
Total
274 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-23467 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution. | ||||
CVE-2024-23466 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. | ||||
CVE-2024-23465 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 8.3 High |
The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment. | ||||
CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 8 High |
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | ||||
CVE-2023-40062 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 8 High |
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. | ||||
CVE-2023-40061 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 8.8 High |
Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | ||||
CVE-2023-40060 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 7.2 High |
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | ||||
CVE-2023-40058 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 6.5 Medium |
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. | ||||
CVE-2023-40057 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9 Critical |
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. | ||||
CVE-2023-40056 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 8 High |
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | ||||
CVE-2023-40055 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | 8 High |
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227 | ||||
CVE-2023-40054 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | 8 High |
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226 | ||||
CVE-2023-40053 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5 Medium |
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | ||||
CVE-2023-3622 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 4.3 Medium |
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource | ||||
CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 8 High |
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | ||||
CVE-2023-35187 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 8.8 High |
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | ||||
CVE-2023-35186 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 8 High |
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. | ||||
CVE-2023-35185 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 6.8 Medium |
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. | ||||
CVE-2023-35184 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 8.8 High |
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution. | ||||
CVE-2023-35183 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 7.8 High |
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. |