CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-23845 – SolarWinds Platform Exposed Dangerous Method Vulnerability
https://notcve.org/view.php?id=CVE-2023-23845
13 Sep 2023 — The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. La plataforma SolarWinds era susceptible a la vulnerabilidad de Comparación Incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios de SERVICIO DE RED. This vulnerability allows remote ... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm • CWE-697: Incorrect Comparison •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-23840 – SolarWinds Platform Exposed Dangerous Method Vulnerability
https://notcve.org/view.php?id=CVE-2023-23840
13 Sep 2023 — The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. La plataforma SolarWinds era susceptible a la vulnerabilidad de Comparación Incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios de SERVICIO DE RED. This vulnerability allows remote ... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm • CWE-697: Incorrect Comparison •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36963 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2022-36963
21 Apr 2023 — The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteExternalProgram method. The issue results from the lack of proper vali... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47505 – SolarWinds Platform Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-47505
21 Apr 2023 — The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuratio... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47509 – SolarWinds Platform Incorrect Input Neutralization Vulnerability
https://notcve.org/view.php?id=CVE-2022-47509
21 Apr 2023 — The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 73%CPEs: 1EXPL: 0CVE-2023-23836 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-23836
15 Feb 2023 — SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the CredentialInitializer functio... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.3EPSS: 24%CPEs: 1EXPL: 0CVE-2022-38111 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2022-38111
15 Feb 2023 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BytesToMessage function. The issue results from the lack of proper validati... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47503 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2022-47503
15 Feb 2023 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the WorkerControllerWCFProxy function. The issue results from the ... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47504 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2022-47504
15 Feb 2023 — SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SqlFileScript function. The issue results from the lack of pro... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47506 – SolarWinds Platform Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2022-47506
15 Feb 2023 — SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication may be required to exploit this vulnerability, depending on the product configuration. The specific flaw exists within the... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •