CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23842 – SolarWinds Network Configuration Manager Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2023-23842
26 Jul 2023 — The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. SolarWinds Network Configuration Manager era susceptible a la vulnerabilidad de Directory Traversal. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios. This vulnerability allows remote attackers to execute arbitrary cod... • https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-3_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 78%CPEs: 8EXPL: 7CVE-2014-9566 – SolarWinds Orion Service - SQL Injection
https://notcve.org/view.php?id=CVE-2014-9566
03 Mar 2015 — Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, ... • https://packetstorm.news/files/id/180603 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •