Filtered by vendor Solarwinds
Subscriptions
Total
290 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3643 | 1 Solarwinds | 1 Virtualization Manager | 2025-03-07 | 7.8 High |
| SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." | ||||
| CVE-2024-45710 | 1 Solarwinds | 1 Solarwinds Platform | 2025-03-01 | 7.8 High |
| SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. | ||||
| CVE-2023-40060 | 1 Solarwinds | 1 Serv-u | 2025-02-27 | 7.2 High |
| A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | ||||
| CVE-2023-23840 | 1 Solarwinds | 1 Orion Platform | 2025-02-27 | 6.8 Medium |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||||
| CVE-2023-23845 | 1 Solarwinds | 1 Orion Platform | 2025-02-27 | 6.8 Medium |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||||
| CVE-2024-28989 | 1 Solarwinds | 1 Web Help Desk | 2025-02-25 | 5.5 Medium |
| SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. | ||||
| CVE-2024-52606 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-25 | 3.5 Low |
| SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request. | ||||
| CVE-2024-52611 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-25 | 3.5 Low |
| The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions. | ||||
| CVE-2024-52612 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-25 | 6.8 Medium |
| SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable. | ||||
| CVE-2024-45709 | 1 Solarwinds | 1 Web Help Desk | 2025-02-25 | 5.3 Medium |
| SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited. | ||||
| CVE-2024-45713 | 1 Solarwinds | 1 Kiwi Cattools | 2025-02-25 | 5.1 Medium |
| SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. | ||||
| CVE-2024-28072 | 1 Solarwinds | 1 Serv-u | 2025-02-25 | 5.7 Medium |
| A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | ||||
| CVE-2021-35247 | 1 Solarwinds | 1 Serv-u | 2025-02-14 | 4.3 Medium |
| Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U. | ||||
| CVE-2024-29000 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | 7.9 High |
| The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. | ||||
| CVE-2024-28075 | 1 Solarwinds | 1 Access Rights Manager | 2025-02-10 | 9 Critical |
| The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | ||||
| CVE-2024-23473 | 1 Solarwinds | 1 Access Rights Manager | 2025-02-10 | 8.6 High |
| The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | ||||
| CVE-2024-29003 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | 7.5 High |
| The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction. | ||||
| CVE-2024-29001 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | 7.5 High |
| A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited. | ||||
| CVE-2024-28076 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | 7 High |
| The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format | ||||
| CVE-2024-28073 | 1 Solarwinds | 1 Serv-u | 2025-02-10 | 8.4 High |
| SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | ||||