
CVE-2024-29004 – SolarWinds Platform Stored XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-29004
04 Jun 2024 — The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction are required to exploit this vulnerability. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-28999 – SolarWinds Platform Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2024-28999
04 Jun 2024 — The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. SolarWinds Platform version 2024.1 SR1 suffers from a race condition vulnerability. • https://packetstorm.news/files/id/179214 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2024-28996 – SolarWinds Platform SWQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-28996
04 Jun 2024 — The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-35188 – SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35188
06 Feb 2024 — SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion ... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-50395 – SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50395
06 Feb 2024 — SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-40056 – SolarWinds Platform SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40056
28 Nov 2023 — SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4-2_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-40061 – Insecure Job Execution Mechanism Vulnerability
https://notcve.org/view.php?id=CVE-2023-40061
01 Nov 2023 — Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40061 • CWE-20: Improper Input Validation

CVE-2023-40062 – Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40062
01 Nov 2023 — SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. This vulnerability allows remote attackers to execute arbitrary code... • https://documentation.solarwinds.com/en/success_center/hco/content/release_notes/hco_2023-4_release_notes.htm • CWE-20: Improper Input Validation

CVE-2023-3622 – Access Control Bypass Vulnerability in the SolarWinds Platform
https://notcve.org/view.php?id=CVE-2023-3622
26 Jul 2023 — Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm • CWE-287: Improper Authentication

CVE-2023-33229 – SolarWinds Platform Incorrect Input Neutralization Vulnerability
https://notcve.org/view.php?id=CVE-2023-33229
26 Jul 2023 — The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm • CWE-94: Improper Control of Generation of Code ('Code Injection')