Page 9 of 256 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-33224 – SolarWinds Platform Incorrect Behavior Order Vulnerability

https://notcve.org/view.php?id=CVE-2023-33224

The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsProperties method. The issue results from input validation being performed too late in a sequence of operations. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224 • CWE-696: Incorrect Behavior Order •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-33225 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability

https://notcve.org/view.php?id=CVE-2023-33225

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. La plataforma SolarWinds era susceptible a la vulnerabilidad de comparación incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33225 • CWE-697: Incorrect Comparison •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-23844 – SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability

https://notcve.org/view.php?id=CVE-2023-23844

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BlacklistedFilesChecker class. The issue results from an incomplete list of disallowed inputs. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23844 • CWE-184: Incomplete List of Disallowed Inputs CWE-697: Incorrect Comparison •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-33231 – XSS in SolarWinds Database Performance Analyzer 2023.2

https://notcve.org/view.php?id=CVE-2023-33231

XSS attack was possible in DPA 2023.2 due to insufficient input validation • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2-100_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-23841 – SolarWinds Serv-U Exposure of Sensitive Information Vulnerability

https://notcve.org/view.php?id=CVE-2023-23841

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.  Part of the URL of the request discloses sensitive data. SolarWinds Serv-U está enviando una solicitud HTTP al cambiar o actualizar los atributos de "File Share" o "File Request?". Parte de la URL de la solicitud revela datos confidenciales. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23841 • CWE-319: Cleartext Transmission of Sensitive Information •