CVE-2023-33227 – Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33227
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges. Network Configuration Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Esta vulnerabilidad permite a un usuario de bajo nivel realizar acciones con privilegios de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Configuration Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SaveResultsToFile method. • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33227 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-33226 – Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33226
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. Network Configuration Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Esta vulnerabilidad permite que un usuario de bajo nivel realice acciones con privilegios de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Configuration Manager. • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33226 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-40061 – Insecure Job Execution Mechanism Vulnerability
https://notcve.org/view.php?id=CVE-2023-40061
Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. Vulnerabilidad del mecanismo de ejecución de trabajos inseguro. Como resultado, esta vulnerabilidad puede provocar otros ataques. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40061 • CWE-20: Improper Input Validation •
CVE-2023-40062 – Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40062
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. Lista Incompleta de Entradas no Permitidas de la Plataforma SolarWinds vulnerabilidad de Ejecución Remota de Código. Si se ejecuta, esta vulnerabilidad permitiría a un usuario con pocos privilegios ejecutar comandos con permisos de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/hco/content/release_notes/hco_2023-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40062 • CWE-20: Improper Input Validation •
CVE-2023-35183 – SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-35183
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de escalada de privilegios. Esta vulnerabilidad permite a los usuarios autenticados abusar de los recursos locales para escalar privilegios. This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35183 • CWE-276: Incorrect Default Permissions •