CVSS: 8.8EPSS: 37%CPEs: 1EXPL: 0CVE-2023-23836 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-23836
15 Feb 2023 — SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the CredentialInitializer functio... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36960 – SolarWinds Platform Improper Input Validation
https://notcve.org/view.php?id=CVE-2022-36960
23 Nov 2022 — SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. La plataforma SolarWinds fue susceptible a una validación de entrada incorrecta. Esta vulnerabilidad permite que un adversario remoto con acceso válido a SolarWinds Web Console escale los privilegios del usuario. This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network P... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 8.3EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36962 – SolarWinds Platform Command Injection
https://notcve.org/view.php?id=CVE-2022-36962
23 Nov 2022 — SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. La plataforma SolarWinds era susceptible a la Inyección de Comandos. Esta vulnerabilidad permite que un adversario remoto con control total sobre la base de datos de SolarWinds ejecute comandos arbitrarios. This vulnerability allows remote attackers to execute code on affected installations of SolarWinds Network Performance M... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 9EXPL: 0CVE-2022-36964 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-36964
23 Nov 2022 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. La plataforma SolarWinds era susceptible a la deserialización de datos no confiables. Esta vulnerabilidad permite que un adversario remoto con acceso válido a SolarWinds Web Console ejecute comandos arbitrarios. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sola... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.3EPSS: 83%CPEs: 9EXPL: 1CVE-2022-38108 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-38108
20 Oct 2022 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. SolarWinds Platform era susceptible a la Deserialización de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso a la cuenta de nivel de administrador de Orion a la consola web de SolarWinds ejecutar comandos arbitrarios This vulnerability allows remote attackers ... • https://packetstorm.news/files/id/171567 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 16%CPEs: 9EXPL: 0CVE-2022-36958 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-36958
20 Oct 2022 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. SolarWinds Platform era susceptible a una Deserialización de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso válido a la consola web de SolarWinds ejecutar comandos arbitrarios This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sola... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.3EPSS: 1%CPEs: 9EXPL: 0CVE-2022-36957 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-36957
20 Oct 2022 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. SolarWinds Platform era susceptible de una Deserialización de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso a la cuenta de nivel de administrador de Orion a la Consola Web de SolarWinds ejecutar comandos arbitrarios This vulnerability allows remote attacker... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36957 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36966 – Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6
https://notcve.org/view.php?id=CVE-2022-36966
20 Oct 2022 — Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. Los usuarios con derechos de administración de nodos podían ver y editar todos los nodos debido a un control insuficiente del parámetro URL que causaba una vulnerabilidad de referencia directa a objetos insegura (IDOR) en SolarWinds Platform 2022.3 y anteriores • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.0EPSS: 23%CPEs: 1EXPL: 0CVE-2022-36961 – Orion Platform SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-36961
30 Sep 2022 — A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. Un verbo usado en Orion era vulnerable a una inyección de SQL, un atacante autenticado podría aprovechar esto para la escalada de privilegios o una ejecución de código remota This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to e... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-35234 – Exposed Dangerous Functions - Privileged Escalation
https://notcve.org/view.php?id=CVE-2021-35234
20 Dec 2021 — Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information. Numerosas funciones peligrosas expuestas dentro de Orion Core han permitido la inyección de SQL de sólo lectura conllevando a una escalada de privilegios. Un atacante con bajos privilegios de usuario puede robar los hashes de las contraseñas y la información de las sales de las contraseñas... • https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •