VYPR

Solarwinds Platform

by SolarWinds

CVEs (46)

  • CVE-2022-36962Nov 29, 2022
    risk 0.00cvss epss 0.09

    SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.

  • CVE-2022-36960Nov 29, 2022
    risk 0.00cvss epss 0.01

    SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.

  • CVE-2022-36957Oct 20, 2022
    risk 0.00cvss epss 0.12

    SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

  • CVE-2022-36966Oct 20, 2022
    risk 0.00cvss epss 0.00

    Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

  • CVE-2022-36965Sep 30, 2022
    risk 0.00cvss epss 0.01

    Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).

  • CVE-2021-35228Oct 21, 2021
    risk 0.00cvss epss 0.01

    This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change…

Page 3 of 3