CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23845 – SolarWinds Platform Exposed Dangerous Method Vulnerability
https://notcve.org/view.php?id=CVE-2023-23845
13 Sep 2023 — The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. La plataforma SolarWinds era susceptible a la vulnerabilidad de Comparación Incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios de SERVICIO DE RED. This vulnerability allows remote ... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm • CWE-697: Incorrect Comparison •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23840 – SolarWinds Platform Exposed Dangerous Method Vulnerability
https://notcve.org/view.php?id=CVE-2023-23840
13 Sep 2023 — The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. La plataforma SolarWinds era susceptible a la vulnerabilidad de Comparación Incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios de SERVICIO DE RED. This vulnerability allows remote ... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm • CWE-697: Incorrect Comparison •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36963 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2022-36963
21 Apr 2023 — The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteExternalProgram method. The issue results from the lack of proper vali... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47505 – SolarWinds Platform Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-47505
21 Apr 2023 — The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuratio... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47509 – SolarWinds Platform Incorrect Input Neutralization Vulnerability
https://notcve.org/view.php?id=CVE-2022-47509
21 Apr 2023 — The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36960 – SolarWinds Platform Improper Input Validation
https://notcve.org/view.php?id=CVE-2022-36960
23 Nov 2022 — SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. La plataforma SolarWinds fue susceptible a una validación de entrada incorrecta. Esta vulnerabilidad permite que un adversario remoto con acceso válido a SolarWinds Web Console escale los privilegios del usuario. This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network P... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36964 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-36964
23 Nov 2022 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. La plataforma SolarWinds era susceptible a la deserialización de datos no confiables. Esta vulnerabilidad permite que un adversario remoto con acceso válido a SolarWinds Web Console ejecute comandos arbitrarios. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sola... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.3EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36962 – SolarWinds Platform Command Injection
https://notcve.org/view.php?id=CVE-2022-36962
23 Nov 2022 — SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. La plataforma SolarWinds era susceptible a la Inyección de Comandos. Esta vulnerabilidad permite que un adversario remoto con control total sobre la base de datos de SolarWinds ejecute comandos arbitrarios. This vulnerability allows remote attackers to execute code on affected installations of SolarWinds Network Performance M... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 1%CPEs: 9EXPL: 1CVE-2022-38108 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-38108
20 Oct 2022 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. SolarWinds Platform era susceptible a la Deserialización de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso a la cuenta de nivel de administrador de Orion a la consola web de SolarWinds ejecutar comandos arbitrarios This vulnerability allows remote attackers ... • https://packetstorm.news/files/id/171567 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36958 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-36958
20 Oct 2022 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. SolarWinds Platform era susceptible a una Deserialización de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso válido a la consola web de SolarWinds ejecutar comandos arbitrarios This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sola... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958 • CWE-502: Deserialization of Untrusted Data •