CVE-2022-47508 – Disable NTLM: SAM 2022.4
https://notcve.org/view.php?id=CVE-2022-47508
Customers who had configured their polling to occur via Kerberos did not expect NTLM traffic in their environment, but since we were querying for data via IP address, this prevented us from utilizing Kerberos. • https://documentation.solarwinds.com/en/success_center/sam/content/release_notes/sam_2023-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47508 • CWE-287: Improper Authentication •
CVE-2014-9566 – SolarWinds Orion Service - SQL Injection
https://notcve.org/view.php?id=CVE-2014-9566
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the SolarWinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other SolarWinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint. Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the SolarWinds products. 
Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address Manager below version 4.3, User Device Tracker below version 3.2, VoIP • https://www.exploit-db.com/exploits/36262 http://osvdb.org/show/osvdb/118746 http://packetstormsecurity.com/files/130637/Solarwinds-Orion-Service-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Mar/18 http://volatile-minds.blogspot.com/2015/02/authenticated-stacked-sql-injection-in.html http://www.exploit-db.com/exploits/36262 http://www.solarwinds.com/documentation/orion/docs/releasenotes/releasenotes.htm https://github.com/rapid7/metasploit-framework/pull/4836 - • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-1500 – SolarWinds Server and Application Monitor TSUnicodeGraphEditorControl graphManager.load Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1500
Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the 'graphManager' object's load method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. • http://www.zerodayinitiative.com/advisories/ZDI-15-042 http://www.zerodayinitiative.com/advisories/ZDI-15-044 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-1501 – SolarWinds Server and Application Monitor TSUnicodeGraphEditorControl factory.loadExtensionFactory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1501
The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allows remote attackers to execute arbitrary code via a UNC path to a crafted binary. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the 'factory' object's loadExtensionFactory method. By supplying a UNC path to a controlled binary, a remote attacker can execute arbitrary code under the context of the process. • http://www.zerodayinitiative.com/advisories/ZDI-15-043 • CWE-94: Improper Control of Generation of Code ('Code Injection') •