CVE-2023-40053 – HTML injection Vulnerability in Serv-U 15.4
https://notcve.org/view.php?id=CVE-2023-40053
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share feature of Serv-U, which could be used maliciously. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-4-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40053 • CWE-20: Improper Input Validation •
CVE-2023-40056 – SolarWinds Platform SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40056
A SQL Injection Remote Code Execution Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low-privileged account. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40056 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-40055 – SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40055
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40055 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-40054 – SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40054
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226. • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40054 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-33228 – SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-33228
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to the SolarWinds Web Console to obtain sensitive information. • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33228 • CWE-311: Missing Encryption of Sensitive Data •