256 results (0.015 seconds)

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0

SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45713 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 8.6EPSS: 96%CPEs: 3EXPL: 9

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. SolarWinds Serv-U era susceptible a una vulnerabilidad directory transversal que permitiría el acceso para leer archivos confidenciales en la máquina host. SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine. • https://github.com/Stuub/CVE-2024-28995 https://github.com/0xc4t/CVE-2024-28995 https://github.com/Praison001/CVE-2024-28995-SolarWinds-Serv-U https://github.com/bigb0x/CVE-2024-28995 https://github.com/krypton-kry/CVE-2024-28995 https://github.com/ggfzx/CVE-2024-28995 https://github.com/muhammetali20/CVE-2024-28995 https://github.com/huseyinstif/CVE-2024-28995-Nuclei-Template https://github.com/gotr00t0day/CVE-2024-28995 https://www.solarwinds.com/trust-center/security-a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. Se determinó que la plataforma SolarWinds estaba afectada por una vulnerabilidad de cross-site scripting almacenado que afectaba a la consola web. Se requiere un usuario con altos privilegios y la interacción del usuario para aprovechar esta vulnerabilidad. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 2%CPEs: 1EXPL: 2

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. Se determinó que la plataforma SolarWinds estaba afectada por una vulnerabilidad de condición de ejecución que afectaba a la consola web. SolarWinds Platform version 2024.1 SR1 suffers from a race condition vulnerability. • https://www.exploit-db.com/exploits/52055 https://github.com/HussainFathy/CVE-2024-28999 https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28999 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. Se determinó que la plataforma SolarWinds estaba afectada por una vulnerabilidad de inyección SWQL. La complejidad del ataque es alta para esta vulnerabilidad. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •