CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28076 – SolarWinds Platform Arbitrary Open Redirection Vulnerability
https://notcve.org/view.php?id=CVE-2024-28076
18 Apr 2024 — The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format La plataforma SolarWinds era susceptible a una vulnerabilidad de redireccionamiento abierto arbitrario. Un atacante potencial puede redirigir a un dominio diferente cuando utiliza un parámetro de URL con una entrada relativa en el formato correcto. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28073 – SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-28073
17 Apr 2024 — SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. Se descubrió que SolarWinds Serv-U era susceptible a una vulnerabilidad de Directory Traversal Remote Code. Esta vulnerabilidad requiere una cuenta con privilegios elevados para poder explotarse. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28073 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 86%CPEs: 1EXPL: 0CVE-2024-0692 – SolarWinds Security Event Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-0692
01 Mar 2024 — The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. SolarWinds Security Event Manager era susceptible a una vulnerabilidad de ejecución remota de código. Esta vulnerabilidad permite que un usuario no autenticado abuse del servicio de SolarWinds, lo que resulta en la ejecución remota de código. This vulnerability allows remote attackers to execute arbit... • https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.9EPSS: 8%CPEs: 1EXPL: 0CVE-2023-40057 – SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-40057
15 Feb 2024 — The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. Se descubrió que SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecución remota de código. Si se explota, esta vulnerabilidad permite que un usuario autenticado abuse de un servicio de SolarWinds, lo que resulta en la ejecución remota de código. This... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40057 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23477 – SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23477
15 Feb 2024 — The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite a un usuario no autenticado lograr una ejecución remota de código. This vulnerability allows remo... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23477 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23476 – SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23476
15 Feb 2024 — The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite que un usuario no autenticado logre la ejecución remota de código. This vulnerability allows re... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23476 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 68%CPEs: 1EXPL: 0CVE-2024-23478 – SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-23478
15 Feb 2024 — SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de ejecución remota de código. Si se explota, esta vulnerabilidad permite que un usuario autenticado abuse de un servicio de SolarWinds, lo que resulta en la ejecución remota de cód... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23478 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23479 – SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23479
15 Feb 2024 — SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite a un usuario no autenticado lograr una ejecución remota de código. This vulnerability allows remote a... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23479 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35188 – SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35188
06 Feb 2024 — SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. La vulnerabilidad de ejecución remota de código de inyección SQL se encontró mediante una declaración de creación en la plataforma SolarWinds. Esta vulnerabilidad requiere que se aproveche la autenticación del usuario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion ... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50395 – SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50395
06 Feb 2024 — SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited La vulnerabilidad de ejecución remota de código de inyección SQL se encontró mediante una declaración de actualización en la plataforma SolarWinds. Esta vulnerabilidad requiere la autenticación del usuario para ser explotada. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •