Solarwinds Platform
Sign in to watchby SolarWinds
CVEs (42)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-50395 | 0.00 | — | 0.01 | Feb 6, 2024 | SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | ||
| CVE-2023-40056 | 0.00 | — | 0.00 | Nov 28, 2023 | SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | ||
| CVE-2023-40061 | 0.00 | — | 0.00 | Nov 1, 2023 | Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | ||
| CVE-2023-40062 | 0.00 | — | 0.02 | Nov 1, 2023 | SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. | ||
| CVE-2023-23845 | 0.00 | — | 0.00 | Sep 13, 2023 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||
| CVE-2023-23840 | 0.00 | — | 0.00 | Sep 13, 2023 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||
| CVE-2023-3622 | 0.00 | — | 0.00 | Jul 26, 2023 | Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource | ||
| CVE-2023-33229 | 0.00 | — | 0.01 | Jul 26, 2023 | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | ||
| CVE-2023-23843 | 0.00 | — | 0.00 | Jul 26, 2023 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | ||
| CVE-2023-33224 | 0.00 | — | 0.00 | Jul 26, 2023 | The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||
| CVE-2023-33225 | 0.00 | — | 0.00 | Jul 26, 2023 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | ||
| CVE-2023-23844 | 0.00 | — | 0.00 | Jul 26, 2023 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | ||
| CVE-2023-23839 | 0.00 | — | 0.02 | Apr 25, 2023 | The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. | ||
| CVE-2022-36963 | 0.00 | — | 0.01 | Apr 21, 2023 | The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | ||
| CVE-2022-47509 | 0.00 | — | 0.02 | Apr 21, 2023 | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. | ||
| CVE-2022-47505 | 0.00 | — | 0.00 | Apr 21, 2023 | The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | ||
| CVE-2022-47506 | 0.00 | — | 0.00 | Feb 15, 2023 | SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. | ||
| CVE-2022-36964 | 0.00 | — | 0.03 | Nov 29, 2022 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | ||
| CVE-2022-36962 | 0.00 | — | 0.02 | Nov 29, 2022 | SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | ||
| CVE-2022-36960 | 0.00 | — | 0.00 | Nov 29, 2022 | SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. |
Page 2 of 3