CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52611 – SolarWinds Platform Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-52611
11 Feb 2025 — The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52612 – SolarWinds Platform Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-52612
11 Feb 2025 — SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45717 – SolarWinds Platform Cross- Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-45717
04 Dec 2024 — The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-4-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45715 – SolarWinds Platform Edit Function Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-45715
16 Oct 2024 — The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. La plataforma SolarWinds era susceptible a una vulnerabilidad de cross-site scripting al realizar una función de edición en elementos existentes. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45715 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45710 – SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-45710
16 Oct 2024 — SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. La plataforma SolarWinds es susceptible a una vulnerabilidad de escalada de privilegios locales en elementos de ruta de búsqueda no controlados. Esto requiere una cuenta con privilegios bajos y acceso local a la máquina del nodo afectado. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45710 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29004 – SolarWinds Platform Stored XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-29004
04 Jun 2024 — The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. Se determinó que la plataforma SolarWinds estaba afectada por una vulnerabilidad de cross-site scripting almacenado que afectaba a la consola web. Se requiere un usuario con altos privilegios y la interacción del usuario para aprovechar esta vulnerabilidad. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 3%CPEs: 1EXPL: 3CVE-2024-28999 – SolarWinds Platform Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2024-28999
04 Jun 2024 — The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. Se determinó que la plataforma SolarWinds estaba afectada por una vulnerabilidad de condición de ejecución que afectaba a la consola web. SolarWinds Platform version 2024.1 SR1 suffers from a race condition vulnerability. • https://packetstorm.news/files/id/179214 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.1EPSS: 5%CPEs: 1EXPL: 0CVE-2024-28996 – SolarWinds Platform SWQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-28996
04 Jun 2024 — The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. Se determinó que la plataforma SolarWinds estaba afectada por una vulnerabilidad de inyección SWQL. La complejidad del ataque es alta para esta vulnerabilidad. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29000 – SolarWinds Platform Reflected XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-29000
20 May 2024 — The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. Se determinó que la plataforma SolarWinds estaba afectada por una vulnerabilidad de cross site scripting reflejado que afectaba a la consola web. Se requiere un usuario con altos privilegios y la interacción del usuario para aprovechar esta vulnerabilidad. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29003 – SolarWinds Platform Cross Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-29003
18 Apr 2024 — The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction. La plataforma SolarWinds era susceptible a una vulnerabilidad XSS que afecta la sección de mapas de la interfaz de usuario. Esta vulnerabilidad requiere autenticación y requiere interacción del usuario. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •