CVSS: 10.0EPSS: 58%CPEs: 1EXPL: 0CVE-2024-0692 – SolarWinds Security Event Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-0692
01 Mar 2024 — The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. SolarWinds Security Event Manager era susceptible a una vulnerabilidad de ejecución remota de código. Esta vulnerabilidad permite que un usuario no autenticado abuse del servicio de SolarWinds, lo que resulta en la ejecución remota de código. This vulnerability allows remote attackers to execute arbit... • https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.9EPSS: 73%CPEs: 1EXPL: 0CVE-2023-40057 – SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-40057
15 Feb 2024 — The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. Se descubrió que SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecución remota de código. Si se explota, esta vulnerabilidad permite que un usuario autenticado abuse de un servicio de SolarWinds, lo que resulta en la ejecución remota de código. This... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40057 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.6EPSS: 2%CPEs: 1EXPL: 0CVE-2024-23477 – SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23477
15 Feb 2024 — The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite a un usuario no autenticado lograr una ejecución remota de código. This vulnerability allows remo... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23477 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2024-23476 – SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23476
15 Feb 2024 — The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite que un usuario no autenticado logre la ejecución remota de código. This vulnerability allows re... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23476 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 41%CPEs: 1EXPL: 0CVE-2024-23478 – SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-23478
15 Feb 2024 — SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de ejecución remota de código. Si se explota, esta vulnerabilidad permite que un usuario autenticado abuse de un servicio de SolarWinds, lo que resulta en la ejecución remota de cód... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23478 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2024-23479 – SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23479
15 Feb 2024 — SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite a un usuario no autenticado lograr una ejecución remota de código. This vulnerability allows remote a... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23479 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-35188 – SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35188
06 Feb 2024 — SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. La vulnerabilidad de ejecución remota de código de inyección SQL se encontró mediante una declaración de creación en la plataforma SolarWinds. Esta vulnerabilidad requiere que se aproveche la autenticación del usuario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion ... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-50395 – SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50395
06 Feb 2024 — SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited La vulnerabilidad de ejecución remota de código de inyección SQL se encontró mediante una declaración de actualización en la plataforma SolarWinds. Esta vulnerabilidad requiere la autenticación del usuario para ser explotada. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40058 – Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-40058
21 Dec 2023 — Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. Se agregaron datos confidenciales a nuestra base de conocimiento pública que, si se explotan, podrían usarse para acceder a componentes de Access Rights Manager (ARM) si el actor de la amenaza se encuentra en el mismo entorno. This vulnerability allows remote attackers to bypass authentication on affected installatio... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40058 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40053 – HTML injection Vulnerability in Serv-U 15.4
https://notcve.org/view.php?id=CVE-2023-40053
06 Dec 2023 — A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. Se ha identificado una vulnerabilidad en Serv-U 15.4 que permite a un actor autenticado insertar contenido en la función de compartir archivos de Serv-U, que podría usarse de manera maliciosa. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-4-1_release_notes.htm • CWE-20: Improper Input Validation •