CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52611 – SolarWinds Platform Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-52611
11 Feb 2025 — The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52612 – SolarWinds Platform Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-52612
11 Feb 2025 — SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45718 – Sensitive data disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-45718
11 Feb 2025 — Sensitive data could be exposed to non- privileged users in a configuration file. Local access to the computer with a low- privileged account is required to access the configuration file containing the sensitive data. • https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kssng_1-3-1_release_notes.htm • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28989 – SolarWinds Web Help Desk Cryptographic Key Management Vulnerability
https://notcve.org/view.php?id=CVE-2024-28989
11 Feb 2025 — SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. • https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-5_release_notes.htm • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45709 – SolarWinds Web Help Desk Local File Read Vulnerability
https://notcve.org/view.php?id=CVE-2024-45709
10 Dec 2024 — SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited. • https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-4_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45717 – SolarWinds Platform Cross- Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-45717
04 Dec 2024 — The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-4-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45713 – SolarWinds Kiwi CatTools Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-45713
17 Oct 2024 — SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45713 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.0EPSS: 5%CPEs: 1EXPL: 0CVE-2024-45711 – SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-45711
16 Oct 2024 — SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability SolarWinds Serv-U es vulnerable a una vulnerabilidad de directory traversal en la que es posible la ejecución remota de código según los privilegios otorgados al usuario autentica... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45711 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45714 – SolarWinds Serv-U Stored XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-45714
16 Oct 2024 — Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. La aplicación es vulnerable a Cross Site Scripting (XSS): un atacante autenticado con permisos de usuario puede modificar una variable con un payload. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45715 – SolarWinds Platform Edit Function Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-45715
16 Oct 2024 — The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. La plataforma SolarWinds era susceptible a una vulnerabilidad de cross-site scripting al realizar una función de edición en elementos existentes. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45715 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •