CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23479 – SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23479
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite a un usuario no autenticado lograr una ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23479 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35188 – SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35188
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. La vulnerabilidad de ejecución remota de código de inyección SQL se encontró mediante una declaración de creación en la plataforma SolarWinds. Esta vulnerabilidad requiere que se aproveche la autenticación del usuario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35188 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50395 – SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50395
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited La vulnerabilidad de ejecución remota de código de inyección SQL se encontró mediante una declaración de actualización en la plataforma SolarWinds. Esta vulnerabilidad requiere la autenticación del usuario para ser explotada. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the AppendUpdate method. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-50395 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40058 – Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-40058
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. Se agregaron datos confidenciales a nuestra base de conocimiento pública que, si se explotan, podrían usarse para acceder a componentes de Access Rights Manager (ARM) si el actor de la amenaza se encuentra en el mismo entorno. This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a RabbitMQ instance. The issue results from the use of hard-coded credentials. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40058 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40053 – HTML injection Vulnerability in Serv-U 15.4
https://notcve.org/view.php?id=CVE-2023-40053
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. Se ha identificado una vulnerabilidad en Serv-U 15.4 que permite a un actor autenticado insertar contenido en la función de compartir archivos de Serv-U, que podría usarse de manera maliciosa. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-4-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40053 • CWE-20: Improper Input Validation •