CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-35186 – SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35186
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecución remota de código. Esta vulnerabilidad permite que un usuario autenticado abuse del servicio SolarWinds, lo que resulta en la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-35187 – SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35187
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code. Esta vulnerabilidad permite que un usuario no autenticado logre la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm https://https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35187 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23845 – SolarWinds Platform Exposed Dangerous Method Vulnerability
https://notcve.org/view.php?id=CVE-2023-23845
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. La plataforma SolarWinds era susceptible a la vulnerabilidad de Comparación Incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios de SERVICIO DE RED. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23845 • CWE-697: Incorrect Comparison •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23840 – SolarWinds Platform Exposed Dangerous Method Vulnerability
https://notcve.org/view.php?id=CVE-2023-23840
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. La plataforma SolarWinds era susceptible a la vulnerabilidad de Comparación Incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios de SERVICIO DE RED. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23840 • CWE-697: Incorrect Comparison •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40060 – 2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1
https://notcve.org/view.php?id=CVE-2023-40060
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. Se ha identificado una vulnerabilidad dentro de Serv-U 15.4 y 15.4 Hotfix 1 que, si se explota, permite a un actor eludir la autenticación multifactor/de dos factores. El actor debe tener acceso de nivel de administrador a Serv-U para realizar esta acción. 15.4. • https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-4-0-Hotfix-2?language=en_US https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40060 • CWE-284: Improper Access Control •