Solarwinds Security Vulnerabilities
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
7.2CVSS
7.2AI Score
0.001EPSS
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
7.8CVSS
7.5AI Score
0.001EPSS
SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.
7.8CVSS
7.4AI Score
0.002EPSS
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
7.2CVSS
7.2AI Score
0.001EPSS
Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.
7.5CVSS
7.5AI Score
0.001EPSS
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.
6.1CVSS
6.2AI Score
0.001EPSS
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected
5.5CVSS
5.2AI Score
0.0004EPSS
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.
7.2CVSS
7.2AI Score
0.001EPSS
No exception handling vulnerability which revealed sensitive or excessive information to users.
7.5CVSS
7.3AI Score
0.002EPSS
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
6.5CVSS
6.4AI Score
0.001EPSS
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.
6.5CVSS
6.3AI Score
0.001EPSS
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
7.2CVSS
7.3AI Score
0.001EPSS
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data.
7.5CVSS
7.6AI Score
0.001EPSS
The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.
7.2CVSS
7.2AI Score
0.002EPSS
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.
7.2CVSS
7.2AI Score
0.001EPSS
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
7.2CVSS
7.3AI Score
0.001EPSS
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
7.2CVSS
7.3AI Score
0.001EPSS
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
7.2CVSS
7.3AI Score
0.001EPSS
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
7.2CVSS
7.3AI Score
0.001EPSS
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.
8.8CVSS
8.8AI Score
0.008EPSS
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges.
8.8CVSS
8.7AI Score
0.008EPSS
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.
4.9CVSS
5AI Score
0.0005EPSS
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.
3.5CVSS
4.2AI Score
0.0005EPSS
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.
7.2CVSS
6.9AI Score
0.001EPSS
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.
8.8CVSS
8.7AI Score
0.012EPSS
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.
7.8CVSS
7.4AI Score
0.001EPSS
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.
9.8CVSS
9.7AI Score
0.034EPSS
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.
7.8CVSS
7.3AI Score
0.001EPSS
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution.
9.8CVSS
9.9AI Score
0.034EPSS
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.
6.8CVSS
7AI Score
0.001EPSS
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.
8.8CVSS
9AI Score
0.012EPSS
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution.
9.8CVSS
9.6AI Score
0.014EPSS
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited.
8.8CVSS
9AI Score
0.002EPSS
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource
4.3CVSS
4.6AI Score
0.0005EPSS
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.
5CVSS
5AI Score
0.0004EPSS
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226
8.8CVSS
8.7AI Score
0.008EPSS
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227
8.8CVSS
8.7AI Score
0.008EPSS
SQL Injection Remote Code Vulnerability was found in the SolarWindsPlatform. This vulnerability can be exploited with a low privileged account.
8.8CVSS
8.8AI Score
0.001EPSS
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.
9CVSS
9.2AI Score
0.001EPSS
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.
6.5CVSS
6.3AI Score
0.001EPSS
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.15.4. SolarWinds found that the issue was not completely fix...
7.2CVSS
6.9AI Score
0.001EPSS
Insecurejob execution mechanism vulnerability. Thisvulnerability can lead to other attacks as a result.
8.8CVSS
8.6AI Score
0.001EPSS
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.
8.8CVSS
9.1AI Score
0.002EPSS
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited
8.8CVSS
9AI Score
0.002EPSS
The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data
7.5CVSS
7.5AI Score
0.001EPSS
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution.
9.6CVSS
9.5AI Score
0.002EPSS
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.
9.6CVSS
9.5AI Score
0.002EPSS
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.
8CVSS
8.1AI Score
0.001EPSS
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.
9.6CVSS
9.5AI Score
0.001EPSS