243 matches found
SolarWinds Platform 代码问题漏洞
SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. A code issue vulnerability exists in SolarWinds Platform versions 2024.2.1 and earlier, which stems from vulnerability to an uncontrolled local elevation of privilege...
PT-2024-9683 · Solarwinds · Solarwinds Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform affected versions not specified Description: The issue is related to a lack of protection for the web page structure in the Search/Node Information Section component of the SolarWinds Platform user interface. This allows a...
PT-2024-7446 · Solarwinds · Solarwinds Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform affected versions not specified Description: The issue is related to an Uncontrolled Search Path Element Local Privilege Escalation. It requires a low privilege account and local access to the affected node machine. This c...
The vulnerability of the Orion Login.aspx page of the SolarWinds Platform’s network monitoring and IT infrastructure management software allows a perpetrator to carry out a brute-force attack.
The vulnerability of the Orion Login.aspx page of the SolarWinds IT infrastructure monitoring and management software is related to synchronization errors when using a common resource. Exploiting this vulnerability could allow a malicious actor to carry out a brute-force attack...
SolarWinds Platform 2024.1 SR1 Race Condition
Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition CVE: CVE-2024-28999 Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions Author: Elhussain Fathy, AKA 0xSphinx import requests import urllib3 import asyncio import aiohttp...
Exploit for Race Condition in Solarwinds Solarwinds_Platform
CVE-2024-28999 Exploit for CVE-2024-28999 SolarWinds Platform...
Vulnerabilities fixed in Solarwinds Platform
Solarwinds has fixed vulnerabilities in Solarwinds Platform. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, execute a command injection, or perform a Cross-Site-Scripting attack. Such an attack can result in execution of arbitrary code in the victim's browser. For...
The vulnerability of the software for network monitoring and control of IT infrastructure on the SolarWinds Platform lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary SQL code.
The vulnerability of the software for network monitoring and control of IT infrastructure on the SolarWinds Platform is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
CVE-2024-29004
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability...
CVE-2024-28999
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console...
CVE-2024-28996
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability...
CVE-2024-29000
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability...
SolarWinds Platform 跨站脚本漏洞
SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. A cross-site scripting vulnerability exists in SolarWinds Platform that stems from the Web console's susceptibility to cross-site scripting vulnerabilities...
The vulnerability of the user interface of SolarWinds Platform’s network monitoring and IT infrastructure management software allows a hacker to execute arbitrary code.
The vulnerability of the user interface of SolarWinds software for network monitoring and IT infrastructure management is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
SolarWinds Platform 2024.0 < 2024.1.1 Multiple Vulnerabilities XSS
The version of SolarWinds Platform installed on the remote host is prior to 2024.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the solarwindsplatform20241sr1 advisory. - The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potenti...
CVE-2024-29003
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction...
CVE-2024-29003
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction...
CVE-2024-28076
The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format...
PT-2024-7954 · Solarwinds · Solarwinds Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform versions prior to 2024.1 Description: The issue is related to a reflected cross-site scripting vulnerability in the web console of the SolarWinds Platform. This vulnerability requires a high-privileged user and user...
PT-2024-3094 · Solarwinds · Solarwinds Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform affected versions not specified Description: A vulnerability was identified in the user interface of the SolarWinds Platform, related to a SWQL injection issue. This vulnerability requires authentication and user interacti...