Solarwinds Platform
by SolarWinds
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36962 | 0.00 | — | 0.09 | Nov 29, 2022 | SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | |||
| CVE-2022-36960 | 0.00 | — | 0.01 | Nov 29, 2022 | SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | |||
| CVE-2022-36957 | 0.00 | — | 0.12 | Oct 20, 2022 | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||
| CVE-2022-36966 | 0.00 | — | 0.00 | Oct 20, 2022 | Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | |||
| CVE-2022-36965 | 0.00 | — | 0.01 | Sep 30, 2022 | Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). | |||
| CVE-2021-35228 | 0.00 | — | 0.01 | Oct 21, 2021 | This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change… |
- CVE-2022-36962Nov 29, 2022risk 0.00cvss —epss 0.09
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
- CVE-2022-36960Nov 29, 2022risk 0.00cvss —epss 0.01
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
- CVE-2022-36957Oct 20, 2022risk 0.00cvss —epss 0.12
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
- CVE-2022-36966Oct 20, 2022risk 0.00cvss —epss 0.00
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
- CVE-2022-36965Sep 30, 2022risk 0.00cvss —epss 0.01
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).
- CVE-2021-35228Oct 21, 2021risk 0.00cvss —epss 0.01
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change…
Page 3 of 3