CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2023-33224 – SolarWinds Platform Incorrect Behavior Order Vulnerability
https://notcve.org/view.php?id=CVE-2023-33224
26 Jul 2023 — The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsProperties method. The issue results from inp... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm • CWE-696: Incorrect Behavior Order •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2023-33225 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-33225
26 Jul 2023 — The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. La plataforma SolarWinds era susceptible a la vulnerabilidad de comparación incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios SYSTEM. This vulnerability allows remote attackers to execute ... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm • CWE-697: Incorrect Comparison •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2023-23844 – SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability
https://notcve.org/view.php?id=CVE-2023-23844
26 Jul 2023 — The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BlacklistedFilesChecker class. The issue results from an incomplete lis... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm • CWE-184: Incomplete List of Disallowed Inputs CWE-697: Incorrect Comparison •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-23839 – SolarWinds Platform Exposure of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2023-23839
25 Apr 2023 — The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47512 – Sensitive Data Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-47512
19 Dec 2022 — Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 0CVE-2022-36965 – Stored and DOM XSS in QoE Applications: Orion Platform
https://notcve.org/view.php?id=CVE-2022-36965
30 Sep 2022 — Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). Un saneo insuficiente de las entradas en el campo input de la aplicación QoE podría conllevar a un ataque de tipo XSS basado en el almacenamiento y en Dom. Este problema ha sido corregido y liberado en la plataforma SolarWinds (2022.3.0) • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •