Filtered by vendor Solarwinds
Subscribe
Total
310 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45713 | 1 Solarwinds | 1 Kiwi Cattools | 2025-02-25 | N/A | 5.1 MEDIUM |
| SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. | |||||
| CVE-2024-28072 | 1 Solarwinds | 1 Serv-u | 2025-02-25 | N/A | 5.7 MEDIUM |
| A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | |||||
| CVE-2024-23473 | 1 Solarwinds | 1 Access Rights Manager | 2025-02-10 | N/A | 8.6 HIGH |
| The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | |||||
| CVE-2024-28073 | 1 Solarwinds | 1 Serv-u | 2025-02-10 | N/A | 8.4 HIGH |
| SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | |||||
| CVE-2024-45717 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-06 | N/A | 7.0 HIGH |
| The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. | |||||
| CVE-2023-23838 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2025-02-04 | N/A | 6.5 MEDIUM |
| Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | |||||
| CVE-2023-23837 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2025-02-04 | N/A | 7.5 HIGH |
| No exception handling vulnerability which revealed sensitive or excessive information to users. | |||||
| CVE-2024-23479 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 9.6 CRITICAL |
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | |||||
| CVE-2024-23478 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 8.0 HIGH |
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. | |||||
| CVE-2024-23477 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 7.9 HIGH |
| The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | |||||
| CVE-2024-23476 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 9.6 CRITICAL |
| The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | |||||
| CVE-2023-40062 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 8.0 HIGH |
| SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. | |||||
| CVE-2023-40060 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | N/A | 7.2 HIGH |
| A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | |||||
| CVE-2023-40058 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. | |||||
| CVE-2023-40057 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 9.0 CRITICAL |
| The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. | |||||
| CVE-2023-40056 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 8.0 HIGH |
| SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | |||||
| CVE-2023-40055 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | N/A | 8.0 HIGH |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227 | |||||
| CVE-2023-40054 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | N/A | 8.0 HIGH |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226 | |||||
| CVE-2023-40053 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | N/A | 5.0 MEDIUM |
| A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | |||||
| CVE-2023-3622 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource | |||||