
CVE-2024-29001 – SolarWinds Platform SWQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-29001
18 Apr 2024 — A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-28076 – SolarWinds Platform Arbitrary Open Redirection Vulnerability
https://notcve.org/view.php?id=CVE-2024-28076
18 Apr 2024 — The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to a different domain when using a URL parameter with a relative entry in the correct format. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2023-35188 – SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35188
06 Feb 2024 — SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion ... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-50395 – SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50395
06 Feb 2024 — SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-40056 – SolarWinds Platform SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40056
28 Nov 2023 — SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4-2_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-40061 – Insecure Job Execution Mechanism Vulnerability
https://notcve.org/view.php?id=CVE-2023-40061
01 Nov 2023 — Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40061 • CWE-20: Improper Input Validation •

CVE-2023-40062 – Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40062
01 Nov 2023 — SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. This vulnerability allows remote attackers to execute arbitrary code... • https://documentation.solarwinds.com/en/success_center/hco/content/release_notes/hco_2023-4_release_notes.htm • CWE-20: Improper Input Validation •

CVE-2023-3622 – Access Control Bypass Vulnerability in the SolarWinds Platform
https://notcve.org/view.php?id=CVE-2023-3622
26 Jul 2023 — Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read an arbitrary resource. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm • CWE-287: Improper Authentication •

CVE-2023-33229 – SolarWinds Platform Incorrect Input Neutralization Vulnerability
https://notcve.org/view.php?id=CVE-2023-33229
26 Jul 2023 — The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-23843 – SolarWinds Platform Incorrect Comparison Vulnerability
https://notcve.org/view.php?id=CVE-2023-23843
26 Jul 2023 — The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsProperties method. The issue results from an incorrect string comparison. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm • CWE-697: Incorrect Comparison •