4 matches found
CVE-2024-0692
SolarWinds Security Event Manager (SEM) is affected by CVE-2024-0692 due to a deserialization of untrusted data in the AMF mechanism, enabling unauthenticated remote code execution on adjacent networks. Public sources in connected documents confirm an unauthenticated RCE condition with a high imp...
CVE-2022-38113
CVE-2022-38113 corresponds to an information-disclosure vulnerability in SolarWinds Security Event Manager (SEM). The issue stems from server response headers disclosing build and service-version information, enabling an attacker to determine software aging and lineage. Public sources consistentl...
CVE-2022-38114
SolarWinds SEM contains a cross-site scripting vulnerability due to improper handling of Content-Length in POST requests (CVE-2022-38114). Connected records specify that versions prior to 2022.4 are affected; updating to 2022.4 or later is the indicated fix. The attack vector involves web-server ...
CVE-2022-38115
CVE-2022-38115 concerns SolarWinds Security Event Manager (SEM) and is described as an insecure-method vulnerability where HTTP methods (e.g., OPTIONS, DELETE, TRACE, PUT) are disclosed. Connected sources indicate SEM versions 2022.2 and prior are affected. The CVSSv3.1 base score is 5.3 (Medium)...