Page 16 of 256 results (0.002 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. Podría mostrarse información confidencial cuando es publicado un mensaje de error técnico detallado. Esta información podría divulgar detalles del entorno • https://docs.sentryone.com/help/sentryone-platform-release-notes https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38107 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. Una entidad del producto Network Configuration Manager está configurada inapropiadamente y expone el campo de la contraseña al Servicio de Información de Solarwinds (SWIS). Las credenciales expuestas están cifradas y requieren un acceso autenticado con un rol de NCM • https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226 • CWE-326: Inadequate Encryption Strength •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). Un saneo insuficiente de las entradas en el campo input de la aplicación QoE podría conllevar a un ataque de tipo XSS basado en el almacenamiento y en Dom. Este problema ha sido corregido y liberado en la plataforma SolarWinds (2022.3.0) • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. Un verbo usado en Orion era vulnerable a una inyección de SQL, un atacante autenticado podría aprovechar esto para la escalada de privilegios o una ejecución de código remota This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsDescriptions function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed. Esta vulnerabilidad de control de acceso roto es referida específicamente a un administrador de dominio que puede acceder a los datos de configuración y de usuario de otros dominios a los que no debería tener acceso. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35249 • CWE-284: Improper Access Control •