CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33227 – Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33227
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges. Network Configuration Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Esta vulnerabilidad permite a un usuario de bajo nivel realizar acciones con privilegios de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Configuration Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SaveResultsToFile method. • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33227 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33226 – Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33226
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. Network Configuration Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Esta vulnerabilidad permite que un usuario de bajo nivel realice acciones con privilegios de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Configuration Manager. • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33226 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40061 – Insecure Job Execution Mechanism Vulnerability
https://notcve.org/view.php?id=CVE-2023-40061
Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. Vulnerabilidad del mecanismo de ejecución de trabajos inseguro. Como resultado, esta vulnerabilidad puede provocar otros ataques. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40061 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40062 – Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40062
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. Lista Incompleta de Entradas no Permitidas de la Plataforma SolarWinds vulnerabilidad de Ejecución Remota de Código. Si se ejecuta, esta vulnerabilidad permitiría a un usuario con pocos privilegios ejecutar comandos con permisos de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/hco/content/release_notes/hco_2023-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40062 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2023-35182 – SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35182
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecución remota de código. Esta vulnerabilidad puede ser aprovechada por usuarios no autenticados en SolarWinds ARM Server. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35182 • CWE-502: Deserialization of Untrusted Data •