Page 10 of 256 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

No exception handling vulnerability which revealed sensitive or excessive information to users. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23837 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23838 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23839 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the TFTP Server service. By creating a junction, an attacker can abuse the service to create or read arbitrary files. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2022-47505 • CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteExternalProgram method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36963 • CWE-94: Improper Control of Generation of Code ('Code Injection') •