Page 9 of 256 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsProperties method. The issue results from input validation being performed too late in a sequence of operations. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224 • CWE-696: Incorrect Behavior Order •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. La plataforma SolarWinds era susceptible a la vulnerabilidad de comparación incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33225 • CWE-697: Incorrect Comparison •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BlacklistedFilesChecker class. The issue results from an incomplete list of disallowed inputs. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23844 • CWE-184: Incomplete List of Disallowed Inputs CWE-697: Incorrect Comparison •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

XSS attack was possible in DPA 2023.2 due to insufficient input validation • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2-100_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.  Part of the URL of the request discloses sensitive data. SolarWinds Serv-U está enviando una solicitud HTTP al cambiar o actualizar los atributos de "File Share" o "File Request?". Parte de la URL de la solicitud revela datos confidenciales. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23841 • CWE-319: Cleartext Transmission of Sensitive Information •