CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40058 – Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-40058
21 Dec 2023 — Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. Se agregaron datos confidenciales a nuestra base de conocimiento pública que, si se explotan, podrían usarse para acceder a componentes de Access Rights Manager (ARM) si el actor de la amenaza se encuentra en el mismo entorno. This vulnerability allows remote attackers to bypass authentication on affected installatio... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40058 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40053 – HTML injection Vulnerability in Serv-U 15.4
https://notcve.org/view.php?id=CVE-2023-40053
06 Dec 2023 — A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. Se ha identificado una vulnerabilidad en Serv-U 15.4 que permite a un actor autenticado insertar contenido en la función de compartir archivos de Serv-U, que podría usarse de manera maliciosa. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-4-1_release_notes.htm • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40056 – SolarWinds Platform SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40056
28 Nov 2023 — SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. Se encontró una vulnerabilidad de código remoto de inyección SQL en la plataforma SolarWinds. Esta vulnerabilidad se puede explotar con una cuenta con pocos privilegios. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4-2_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-40055 – SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40055
09 Nov 2023 — The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227 Network Configuration Manager era susceptible a Directory Traversal Remote Code Execution Vulnerability. Esta vulnerabilidad permite que un usuario de bajo nivel realice acciones con privilegios de SYSTEM. Descubrimos que este problema no se resolvió en C... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40055 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-40054 – SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40054
09 Nov 2023 — The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226 Network Configuration Manager era susceptible a Directory Traversal Remote Code Execution Vulnerability. Esta vulnerabilidad permite que un usuario de bajo nivel realice acciones con privilegios de SYSTEMA. Descubrimos que este problema no se resolvió en ... • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4-1_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33228 – SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-33228
01 Nov 2023 — The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information. Network Configuration Manager de SolarWinds era susceptible a la vulnerabilidad de Exposición de Información Confidencial. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console obtener información confidencial. • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-33227 – Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33227
01 Nov 2023 — The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges. Network Configuration Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Esta vulnerabilidad permite a un usuario de bajo nivel realizar acciones con privilegios de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ... • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-33226 – Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33226
01 Nov 2023 — The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. Network Configuration Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Esta vulnerabilidad permite que un usuario de bajo nivel realice acciones con privilegios de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations o... • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40061 – Insecure Job Execution Mechanism Vulnerability
https://notcve.org/view.php?id=CVE-2023-40061
01 Nov 2023 — Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. Vulnerabilidad del mecanismo de ejecución de trabajos inseguro. Como resultado, esta vulnerabilidad puede provocar otros ataques. Insecure job execution mechanism vulnerability. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40061 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2023-40062 – Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40062
01 Nov 2023 — SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. Lista Incompleta de Entradas no Permitidas de la Plataforma SolarWinds vulnerabilidad de Ejecución Remota de Código. Si se ejecuta, esta vulnerabilidad permitiría a un usuario con pocos privilegios ejecutar comandos con permisos de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code... • https://documentation.solarwinds.com/en/success_center/hco/content/release_notes/hco_2023-4_release_notes.htm • CWE-20: Improper Input Validation •