CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35246 – Unprotected Transport of Credentials (HSTS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-35246
23 Nov 2022 — The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. La aplicación no impide que los usuarios se conecten a ella a través de conexiones no cifradas. Un atacante capaz de modificar el tráfico de red de un usuario legítimo podría evitar el uso de cifrado SSL/TLS por parte de la aplicaci... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38113 – Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-38113
23 Nov 2022 — This vulnerability discloses build and services versions in the server response header. Esta vulnerabilidad revela versiones de compilación y servicios en el encabezado de respuesta del servidor. • https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36960 – SolarWinds Platform Improper Input Validation
https://notcve.org/view.php?id=CVE-2022-36960
23 Nov 2022 — SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. La plataforma SolarWinds fue susceptible a una validación de entrada incorrecta. Esta vulnerabilidad permite que un adversario remoto con acceso válido a SolarWinds Web Console escale los privilegios del usuario. This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network P... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 1%CPEs: 9EXPL: 0CVE-2022-36964 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-36964
23 Nov 2022 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. La plataforma SolarWinds era susceptible a la deserialización de datos no confiables. Esta vulnerabilidad permite que un adversario remoto con acceso válido a SolarWinds Web Console ejecute comandos arbitrarios. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sola... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38115 – Insecure Methods Vulnerability
https://notcve.org/view.php?id=CVE-2022-38115
23 Nov 2022 — Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT Vulnerabilidad de método inseguro en la que se revelan métodos HTTP permitidos. Por ejemplo, OPTIONS, DELETE, TRACE y PUT • https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm • CWE-436: Interpretation Conflict CWE-650: Trusting HTTP Permission Methods on the Server Side •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38114 – Client-Side Desync Vulnerability
https://notcve.org/view.php?id=CVE-2022-38114
23 Nov 2022 — This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. Esta vulnerabilidad ocurre cuando un servidor web no logra procesar correctamente la longitud del contenido de las solicitudes POST. Esto puede provocar tráfico ilegal de solicitudes HTTP o XSS. • https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.3EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36962 – SolarWinds Platform Command Injection
https://notcve.org/view.php?id=CVE-2022-36962
23 Nov 2022 — SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. La plataforma SolarWinds era susceptible a la Inyección de Comandos. Esta vulnerabilidad permite que un adversario remoto con control total sobre la base de datos de SolarWinds ejecute comandos arbitrarios. This vulnerability allows remote attackers to execute code on affected installations of SolarWinds Network Performance M... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 84%CPEs: 9EXPL: 1CVE-2022-38108 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-38108
20 Oct 2022 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. SolarWinds Platform era susceptible a la Deserialización de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso a la cuenta de nivel de administrador de Orion a la consola web de SolarWinds ejecutar comandos arbitrarios This vulnerability allows remote attackers ... • https://packetstorm.news/files/id/171567 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 16%CPEs: 9EXPL: 0CVE-2022-36958 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-36958
20 Oct 2022 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. SolarWinds Platform era susceptible a una Deserialización de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso válido a la consola web de SolarWinds ejecutar comandos arbitrarios This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sola... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.3EPSS: 1%CPEs: 9EXPL: 0CVE-2022-36957 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-36957
20 Oct 2022 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. SolarWinds Platform era susceptible de una Deserialización de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso a la cuenta de nivel de administrador de Orion a la Consola Web de SolarWinds ejecutar comandos arbitrarios This vulnerability allows remote attacker... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36957 • CWE-502: Deserialization of Untrusted Data •