Lucene search

K

25 matches found

CVE
CVE
added 2021/02/03 5:15 p.m.231 views

CVE-2021-25274

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon proces...

10CVSS9.7AI score0.64367EPSS
CVE
CVE
added 2019/03/01 10:29 p.m.199 views

CVE-2019-9546

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

9.8CVSS9.6AI score0.01826EPSS
In wild
CVE
CVE
added 2021/02/03 5:15 p.m.143 views

CVE-2021-25275

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login d...

7.8CVSS8.9AI score0.00106EPSS
CVE
CVE
added 2021/03/26 4:15 p.m.93 views

CVE-2021-3109

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.

4.9CVSS5.4AI score0.01717EPSS
CVE
CVE
added 2021/08/31 1:15 p.m.81 views

CVE-2021-35222

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.

9.6CVSS8.8AI score0.00655EPSS
CVE
CVE
added 2021/08/31 12:15 p.m.80 views

CVE-2021-35219

ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.

6CVSS5.6AI score0.00104EPSS
CVE
CVE
added 2021/03/26 4:15 p.m.77 views

CVE-2020-35856

SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.

4.8CVSS5.2AI score0.01023EPSS
CVE
CVE
added 2021/08/31 1:15 p.m.77 views

CVE-2021-35221

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

8.1CVSS7.2AI score0.00465EPSS
CVE
CVE
added 2022/10/20 9:15 p.m.76 views

CVE-2022-38108

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

7.2CVSS7.3AI score0.8543EPSS
CVE
CVE
added 2021/08/31 12:15 p.m.72 views

CVE-2021-35220

Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

8.1CVSS7.7AI score0.01629EPSS
CVE
CVE
added 2023/04/21 8:15 p.m.70 views

CVE-2022-36963

The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.

7.2CVSS7.4AI score0.00527EPSS
CVE
CVE
added 2023/04/21 8:15 p.m.68 views

CVE-2022-47505

The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.

7.8CVSS7.6AI score0.00061EPSS
CVE
CVE
added 2023/04/21 8:15 p.m.63 views

CVE-2022-47509

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.

6.1CVSS6.2AI score0.00828EPSS
CVE
CVE
added 2022/10/20 9:15 p.m.60 views

CVE-2022-36957

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

7.2CVSS7.5AI score0.01023EPSS
CVE
CVE
added 2021/12/20 9:15 p.m.58 views

CVE-2021-35244

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.

8.5CVSS7.2AI score0.19199EPSS
CVE
CVE
added 2022/11/29 9:15 p.m.57 views

CVE-2022-36960

SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.

8.8CVSS8.8AI score0.00127EPSS
CVE
CVE
added 2022/11/29 9:15 p.m.57 views

CVE-2022-36964

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

8.8CVSS8.9AI score0.0116EPSS
CVE
CVE
added 2020/09/17 6:15 p.m.50 views

CVE-2020-13169

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

9CVSS8.3AI score0.01534EPSS
CVE
CVE
added 2022/10/20 9:15 p.m.50 views

CVE-2022-36958

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

8.8CVSS8.9AI score0.12832EPSS
CVE
CVE
added 2022/10/20 9:15 p.m.49 views

CVE-2022-36966

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

5.4CVSS5.9AI score0.00218EPSS
CVE
CVE
added 2022/11/29 9:15 p.m.48 views

CVE-2022-36962

SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.

7.2CVSS7.5AI score0.00249EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.46 views

CVE-2021-35218

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server

8.9CVSS8.9AI score0.2471EPSS
CVE
CVE
added 2023/09/13 11:15 p.m.46 views

CVE-2023-23840

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.

7.2CVSS7.2AI score0.00291EPSS
CVE
CVE
added 2023/09/13 11:15 p.m.42 views

CVE-2023-23845

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.

7.2CVSS7.2AI score0.00291EPSS
CVE
CVE
added 2021/12/20 9:15 p.m.39 views

CVE-2021-35248

It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.

6.8CVSS4.9AI score0.00268EPSS