Lucene search

K
SolarwindsSolarwinds Platform

27 matches found

CVE
CVE
added 2023/11/28 6:15 p.m.87 views

CVE-2023-40056

SQL Injection Remote Code Vulnerability was found in the SolarWindsPlatform. This vulnerability can be exploited with a low privileged account.

8.8CVSS8.5AI score0.00095EPSS
CVE
CVE
added 2022/09/30 5:15 p.m.74 views

CVE-2022-36965

Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).

6.1CVSS6.2AI score0.00947EPSS
CVE
CVE
added 2024/04/18 9:15 a.m.68 views

CVE-2024-29001

A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited.

7.5CVSS7.1AI score0.00043EPSS
CVE
CVE
added 2024/06/04 3:15 p.m.64 views

CVE-2024-28999

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.

7.5CVSS6.9AI score0.07294EPSS
CVE
CVE
added 2024/04/18 10:15 a.m.62 views

CVE-2024-29003

The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.

7.5CVSS6.1AI score0.0005EPSS
CVE
CVE
added 2024/12/04 7:15 a.m.62 views

CVE-2024-45717

The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.

7CVSS6.7AI score0.00252EPSS
CVE
CVE
added 2023/07/26 2:15 p.m.61 views

CVE-2023-33225

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.

7.2CVSS7.3AI score0.00206EPSS
CVE
CVE
added 2024/06/04 3:15 p.m.61 views

CVE-2024-28996

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.

7.5CVSS7.8AI score0.00293EPSS
CVE
CVE
added 2023/04/25 9:15 p.m.58 views

CVE-2023-23839

The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.

6.5CVSS6.4AI score0.00488EPSS
CVE
CVE
added 2023/07/26 2:15 p.m.54 views

CVE-2023-33224

The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.

7.2CVSS7.3AI score0.00241EPSS
CVE
CVE
added 2023/11/01 4:15 p.m.54 views

CVE-2023-40062

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.

8.8CVSS8.7AI score0.02283EPSS
CVE
CVE
added 2024/04/18 9:15 a.m.52 views

CVE-2024-28076

The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format

7CVSS6.6AI score0.00027EPSS
CVE
CVE
added 2024/10/16 8:15 a.m.52 views

CVE-2024-45710

SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.

7.8CVSS7.6AI score0.00159EPSS
CVE
CVE
added 2024/06/04 3:15 p.m.51 views

CVE-2024-29004

The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.

7.1CVSS5.7AI score0.00061EPSS
CVE
CVE
added 2023/11/01 4:15 p.m.49 views

CVE-2023-40061

Insecurejob execution mechanism vulnerability. Thisvulnerability can lead to other attacks as a result.

8.8CVSS8.7AI score0.00101EPSS
CVE
CVE
added 2023/07/26 3:15 p.m.47 views

CVE-2023-3622

Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource

4.3CVSS5AI score0.00075EPSS
CVE
CVE
added 2024/10/16 8:15 a.m.47 views

CVE-2024-45715

The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.

7.1CVSS6.2AI score0.00246EPSS
CVE
CVE
added 2024/05/20 7:15 p.m.46 views

CVE-2024-29000

The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.

7.9CVSS6AI score0.00108EPSS
CVE
CVE
added 2022/12/21 1:21 a.m.45 views

CVE-2022-47512

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected

5.5CVSS5.2AI score0.00032EPSS
CVE
CVE
added 2023/07/26 2:15 p.m.45 views

CVE-2023-23844

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.

7.2CVSS7.3AI score0.00209EPSS
CVE
CVE
added 2023/07/26 3:15 p.m.43 views

CVE-2023-33229

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.

3.5CVSS4.3AI score0.0061EPSS
CVE
CVE
added 2025/02/11 8:15 a.m.43 views

CVE-2024-52606

SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.

9.8CVSS4.1AI score0.00091EPSS
CVE
CVE
added 2024/02/06 4:15 p.m.41 views

CVE-2023-50395

SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited

8CVSS9AI score0.00802EPSS
CVE
CVE
added 2023/07/26 2:15 p.m.39 views

CVE-2023-23843

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.

7.2CVSS7.2AI score0.00206EPSS
CVE
CVE
added 2024/02/06 4:15 p.m.38 views

CVE-2023-35188

SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited.

8CVSS9AI score0.00802EPSS
CVE
CVE
added 2025/02/11 8:15 a.m.38 views

CVE-2024-52611

The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.

3.5CVSS3.7AI score0.00037EPSS
CVE
CVE
added 2025/02/11 8:15 a.m.37 views

CVE-2024-52612

SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable.

6.8CVSS6.4AI score0.00073EPSS