CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40056 – SolarWinds Platform SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40056
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. Se encontró una vulnerabilidad de código remoto de inyección SQL en la plataforma SolarWinds. Esta vulnerabilidad se puede explotar con una cuenta con pocos privilegios. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40056 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40061 – Insecure Job Execution Mechanism Vulnerability
https://notcve.org/view.php?id=CVE-2023-40061
Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. Vulnerabilidad del mecanismo de ejecución de trabajos inseguro. Como resultado, esta vulnerabilidad puede provocar otros ataques. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40061 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40062 – Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40062
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. Lista Incompleta de Entradas no Permitidas de la Plataforma SolarWinds vulnerabilidad de Ejecución Remota de Código. Si se ejecuta, esta vulnerabilidad permitiría a un usuario con pocos privilegios ejecutar comandos con permisos de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/hco/content/release_notes/hco_2023-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40062 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3622 – Access Control Bypass Vulnerability in the SolarWinds Platform
https://notcve.org/view.php?id=CVE-2023-3622
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource Vulnerabilidad de Access Control Bypass en SolarWinds Platform que permite a un usuario con privilegios leer recursos arbitrarios • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-3622 • CWE-287: Improper Authentication •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33229 – SolarWinds Platform Incorrect Input Neutralization Vulnerability
https://notcve.org/view.php?id=CVE-2023-33229
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. SolarWinds Platform era susceptible a la vulnerabilidad de neutralización de entrada incorrecta. Esta vulnerabilidad permite a un adversario remoto con una cuenta válida de SolarWinds Platform anexar parámetros de URL para inyectar HTML pasivo. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33229 • CWE-94: Improper Control of Generation of Code ('Code Injection') •