CVSS: 10.0EPSS: 76%CPEs: 1EXPL: 0CVE-2024-0692 – SolarWinds Security Event Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-0692
01 Mar 2024 — The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. SolarWinds Security Event Manager era susceptible a una vulnerabilidad de ejecución remota de código. Esta vulnerabilidad permite que un usuario no autenticado abuse del servicio de SolarWinds, lo que resulta en la ejecución remota de código. This vulnerability allows remote attackers to execute arbit... • https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38113 – Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-38113
23 Nov 2022 — This vulnerability discloses build and services versions in the server response header. Esta vulnerabilidad revela versiones de compilación y servicios en el encabezado de respuesta del servidor. • https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38114 – Client-Side Desync Vulnerability
https://notcve.org/view.php?id=CVE-2022-38114
23 Nov 2022 — This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. Esta vulnerabilidad ocurre cuando un servidor web no logra procesar correctamente la longitud del contenido de las solicitudes POST. Esto puede provocar tráfico ilegal de solicitudes HTTP o XSS. • https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38115 – Insecure Methods Vulnerability
https://notcve.org/view.php?id=CVE-2022-38115
23 Nov 2022 — Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT Vulnerabilidad de método inseguro en la que se revelan métodos HTTP permitidos. Por ejemplo, OPTIONS, DELETE, TRACE y PUT • https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm • CWE-436: Interpretation Conflict CWE-650: Trusting HTTP Permission Methods on the Server Side •