CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-40055 – SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40055
09 Nov 2023 — The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227 Network Configuration Manager era susceptible a Directory Traversal Remote Code Execution Vulnerability. Esta vulnerabilidad permite que un usuario de bajo nivel realice acciones con privilegios de SYSTEM. Descubrimos que este problema no se resolvió en C... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40055 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-40054 – SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40054
09 Nov 2023 — The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226 Network Configuration Manager era susceptible a Directory Traversal Remote Code Execution Vulnerability. Esta vulnerabilidad permite que un usuario de bajo nivel realice acciones con privilegios de SYSTEMA. Descubrimos que este problema no se resolvió en ... • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4-1_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33228 – SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-33228
01 Nov 2023 — The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information. Network Configuration Manager de SolarWinds era susceptible a la vulnerabilidad de Exposición de Información Confidencial. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console obtener información confidencial. • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-33227 – Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33227
01 Nov 2023 — The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges. Network Configuration Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Esta vulnerabilidad permite a un usuario de bajo nivel realizar acciones con privilegios de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ... • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-33226 – Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33226
01 Nov 2023 — The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. Network Configuration Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Esta vulnerabilidad permite que un usuario de bajo nivel realice acciones con privilegios de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations o... • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35226 – Hashed Credential Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2021-35226
10 Oct 2022 — An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. Una entidad del producto Network Configuration Manager está configurada inapropiadamente y expone el campo de la contraseña al Servicio de Información de Solarwinds (SWIS). Las credenciales expuestas están cifradas y requieren un acceso autenticado con un rol de NCM • https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 0CVE-2014-3459 – SolarWinds Network Configuration Manager PEstrarg1 Heap Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-3459
19 May 2014 — Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. Desbordamiento de buffer basado en memoria dinámica en SolarWinds Network Configuration Manager (NCM) anterior a 7.3 permite a atacantes remotos ejecutar código arbitrario a través de la propiedad PEstrarg1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Network Configuration Manag... • http://zerodayinitiative.com/advisories/ZDI-14-133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •