
CVE-2023-23841 – SolarWinds Serv-U Exposure of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2023-23841
15 Jun 2023 — SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2023-23838 – Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1
https://notcve.org/view.php?id=CVE-2023-23838
25 Apr 2023 — Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-23839 – SolarWinds Platform Exposure of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2023-23839
25 Apr 2023 — The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access the Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-23837 – No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1
https://notcve.org/view.php?id=CVE-2023-23837
25 Apr 2023 — No exception handling vulnerability which revealed sensitive or excessive information to users. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm • CWE-209: Generation of Error Message Containing Sensitive Information • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2022-36963 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2022-36963
21 Apr 2023 — The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteExternalProgram method. The issue results from the lack of proper vali... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-47505 – SolarWinds Platform Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-47505
21 Apr 2023 — The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuratio... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-269: Improper Privilege Management •

CVE-2022-47509 – SolarWinds Platform Incorrect Input Neutralization Vulnerability
https://notcve.org/view.php?id=CVE-2022-47509
21 Apr 2023 — The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-47503 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2022-47503
15 Feb 2023 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the WorkerControllerWCFProxy function. The issue results from the ... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •

CVE-2022-47504 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2022-47504
15 Feb 2023 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SqlFileScript function. The issue results from the lack of pro... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •

CVE-2023-23836 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-23836
15 Feb 2023 — SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the CredentialInitializer functio... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •