
CVE-2024-28999 – SolarWinds Platform Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2024-28999
04 Jun 2024 — The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. SolarWinds Platform version 2024.1 SR1 suffers from a race condition vulnerability. • https://packetstorm.news/files/id/179214 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2024-28996 – SolarWinds Platform SWQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-28996
04 Jun 2024 — The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-29000 – SolarWinds Platform Reflected XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-29000
20 May 2024 — The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction are required to exploit this vulnerability. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-23473 – SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-23473
09 May 2024 — The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm • CWE-798: Use of Hard-coded Credentials

CVE-2024-28075 – SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-28075
09 May 2024 — The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm • CWE-502: Deserialization of Untrusted Data

CVE-2024-28072 – Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2024-28072
03 May 2024 — A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. • https://solarwindscore.my.site.com/SuccessCenter/s/article/Serv-U-15-4-2-Hotfix-1-Release-Notes?language=en_US • CWE-532: Insertion of Sensitive Information into Log File

CVE-2024-29003 – SolarWinds Platform Cross Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-29003
18 Apr 2024 — The SolarWinds Platform was susceptible to an XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-29001 – SolarWinds Platform SWQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-29001
18 Apr 2024 — A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-28076 – SolarWinds Platform Arbitrary Open Redirection Vulnerability
https://notcve.org/view.php?id=CVE-2024-28076
18 Apr 2024 — The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to a different domain when using a URL parameter with a relative entry in the correct format. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2024-28073 – SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-28073
17 Apr 2024 — SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28073 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')