
CVSS: 8.6 • EPSS: 95% • CPEs: 3 • EXPL: 9

SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine. SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine. • https://github.com/Stuub/CVE-2024-28995 https://github.com/0xc4t/CVE-2024-28995 https://github.com/Praison001/CVE-2024-28995-SolarWinds-Serv-U https://github.com/bigb0x/CVE-2024-28995 https://github.com/krypton-kry/CVE-2024-28995 https://github.com/ggfzx/CVE-2024-28995 https://github.com/muhammetali20/CVE-2024-28995 https://github.com/huseyinstif/CVE-2024-28995-Nuclei-Template https://github.com/gotr00t0day/CVE-2024-28995 https://www.solarwinds.com/trust-center/security-a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction are required to exploit this vulnerability. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 • EPSS: 1% • CPEs: 1 • EXPL: 2

The SolarWinds Platform was determined to be affected by a race condition vulnerability affecting the web console. SolarWinds Platform version 2024.1 SR1 suffers from a race condition vulnerability. • https://www.exploit-db.com/exploits/52055 https://github.com/HussainFathy/CVE-2024-28999 https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28999 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

The SolarWinds Platform was determined to be affected by a SWQL injection vulnerability. Attack complexity is high for this vulnerability. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. • https://solarwindscore.my.site.com/SuccessCenter/s/article/Serv-U-15-4-2-Hotfix-1-Release-Notes?language=en_US https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28072 • CWE-532: Insertion of Sensitive Information into Log File