
CVSS: 10.0 | EPSS: 29% | CPEs: 1 | EXPL: 0

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user.
• http://www.securityfocus.com/bid/107061 https://github.com/VerSprite/research/blob/master/advisories/VS-2019-001.md

CVSS: 4.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism. SolarWinds Network Performance Monitor version 12.0.15300.90 suffers from a denial of service vulnerability.
• http://www.securityfocus.com/archive/1/541263/100/0/threaded http://www.securityfocus.com/bid/101066
• CWE-20: Improper Input Validation

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. SolarWinds Network Performance Monitor version 12.0.15300.90 suffers from a cross-site scripting vulnerability.
• http://www.securityfocus.com/archive/1/541262/100/0/threaded http://www.securityfocus.com/bid/101071
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 96% | CPEs: 8 | EXPL: 5

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint. Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address Manager below version 4.3, User Device Tracker below version 3.2, VoIP
• https://www.exploit-db.com/exploits/36262 http://osvdb.org/show/osvdb/118746 http://packetstormsecurity.com/files/130637/Solarwinds-Orion-Service-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Mar/18 http://volatile-minds.blogspot.com/2015/02/authenticated-stacked-sql-injection-in.html http://www.exploit-db.com/exploits/36262 http://www.solarwinds.com/documentation/orion/docs/releasenotes/releasenotes.htm https://github.com/rapid7/metasploit-framework/pull/4836
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 27% | CPEs: 10 | EXPL: 2

Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field.
• https://www.exploit-db.com/exploits/37995 http://www.kb.cert.org/vuls/id/203844
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')