Vendor CVEs
SolarWinds
All CVEs
266 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-40549 | 0.00 | — | 0.01 | Nov 18, 2025 | A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium… | |||
| CVE-2025-40548 | 0.00 | — | 0.01 | Nov 18, 2025 | A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services… | |||
| CVE-2025-40547 | 0.00 | — | 0.01 | Nov 18, 2025 | A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because… | |||
| CVE-2025-26392 | 0.00 | — | 0.00 | Oct 21, 2025 | SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account. | |||
| CVE-2025-26398 | 0.00 | — | 0.00 | Aug 12, 2025 | SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local… | |||
| CVE-2025-26397 | 0.00 | — | 0.00 | Jul 24, 2025 | SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires… | |||
| CVE-2025-26395 | 0.00 | — | 0.00 | Jun 10, 2025 | SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required. | |||
| CVE-2025-26394 | 0.00 | — | 0.00 | Jun 10, 2025 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | |||
| CVE-2024-45712 | 0.00 | — | 0.00 | Apr 15, 2025 | SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low. | |||
| CVE-2024-52611 | 0.00 | — | 0.00 | Feb 11, 2025 | The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions. | |||
| CVE-2024-52612 | 0.00 | — | 0.01 | Feb 11, 2025 | SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable. | |||
| CVE-2024-52606 | 0.00 | — | 0.02 | Feb 11, 2025 | SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request. | |||
| CVE-2024-45717 | 0.00 | — | 0.00 | Dec 4, 2024 | The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. | |||
| CVE-2024-45714 | 0.00 | — | 0.01 | Oct 16, 2024 | Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | |||
| CVE-2024-45715 | 0.00 | — | 0.00 | Oct 16, 2024 | The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. | |||
| CVE-2024-45710 | 0.00 | — | 0.00 | Oct 16, 2024 | SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. | |||
| CVE-2024-29004 | 0.00 | — | 0.00 | Jun 4, 2024 | The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. | |||
| CVE-2024-28996 | 0.00 | — | 0.00 | Jun 4, 2024 | The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. | |||
| CVE-2024-29000 | 0.00 | — | 0.00 | May 20, 2024 | The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. | |||
| CVE-2024-28072 | 0.00 | — | 0.01 | May 3, 2024 | A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | |||
| CVE-2024-29003 | 0.00 | — | 0.01 | Apr 18, 2024 | The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction. | |||
| CVE-2024-29001 | 0.00 | — | 0.01 | Apr 18, 2024 | A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited. | |||
| CVE-2024-28076 | 0.00 | — | 0.00 | Apr 18, 2024 | The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format | |||
| CVE-2023-35188 | 0.00 | — | 0.02 | Feb 6, 2024 | SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | |||
| CVE-2023-50395 | 0.00 | — | 0.02 | Feb 6, 2024 | SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | |||
| CVE-2023-40053 | 0.00 | — | 0.01 | Dec 6, 2023 | A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | |||
| CVE-2023-40056 | 0.00 | — | 0.05 | Nov 28, 2023 | SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | |||
| CVE-2023-40055 | 0.00 | — | 0.02 | Nov 9, 2023 | The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227 | |||
| CVE-2023-40054 | 0.00 | — | 0.03 | Nov 9, 2023 | The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226 | |||
| CVE-2023-33228 | 0.00 | — | 0.00 | Nov 1, 2023 | The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information. | |||
| CVE-2023-33227 | 0.00 | — | 0.02 | Nov 1, 2023 | The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges. | |||
| CVE-2023-33226 | 0.00 | — | 0.02 | Nov 1, 2023 | The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. | |||
| CVE-2023-40061 | 0.00 | — | 0.00 | Nov 1, 2023 | Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | |||
| CVE-2023-40062 | 0.00 | — | 0.03 | Nov 1, 2023 | SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. | |||
| CVE-2023-23845 | 0.00 | — | 0.05 | Sep 13, 2023 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||
| CVE-2023-23840 | 0.00 | — | 0.05 | Sep 13, 2023 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||
| CVE-2023-40060 | 0.00 | — | 0.01 | Sep 7, 2023 | A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the… | |||
| CVE-2023-35179 | 0.00 | — | 0.01 | Aug 10, 2023 | A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | |||
| CVE-2023-29505 | 0.00 | — | 0.01 | Aug 4, 2023 | An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. | |||
| CVE-2023-23842 | 0.00 | — | 0.03 | Jul 26, 2023 | The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | |||
| CVE-2023-3622 | 0.00 | — | 0.01 | Jul 26, 2023 | Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource | |||
| CVE-2023-33229 | 0.00 | — | 0.01 | Jul 26, 2023 | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | |||
| CVE-2023-23843 | 0.00 | — | 0.03 | Jul 26, 2023 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | |||
| CVE-2023-33224 | 0.00 | — | 0.03 | Jul 26, 2023 | The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||
| CVE-2023-33225 | 0.00 | — | 0.03 | Jul 26, 2023 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||
| CVE-2023-23844 | 0.00 | — | 0.03 | Jul 26, 2023 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||
| CVE-2023-33231 | 0.00 | — | 0.00 | Jul 18, 2023 | XSS attack was possible in DPA 2023.2 due to insufficient input validation | |||
| CVE-2023-23837 | 0.00 | — | 0.01 | Apr 25, 2023 | No exception handling vulnerability which revealed sensitive or excessive information to users. | |||
| CVE-2023-23838 | 0.00 | — | 0.01 | Apr 25, 2023 | Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | |||
| CVE-2023-23839 | 0.00 | — | 0.01 | Apr 25, 2023 | The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. |
- CVE-2025-40549Nov 18, 2025risk 0.00cvss —epss 0.01
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium…
- CVE-2025-40548Nov 18, 2025risk 0.00cvss —epss 0.01
A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services…
- CVE-2025-40547Nov 18, 2025risk 0.00cvss —epss 0.01
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because…
- CVE-2025-26392Oct 21, 2025risk 0.00cvss —epss 0.00
SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.
- CVE-2025-26398Aug 12, 2025risk 0.00cvss —epss 0.00
SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local…
- CVE-2025-26397Jul 24, 2025risk 0.00cvss —epss 0.00
SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires…
- CVE-2025-26395Jun 10, 2025risk 0.00cvss —epss 0.00
SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required.
- CVE-2025-26394Jun 10, 2025risk 0.00cvss —epss 0.00
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.
- CVE-2024-45712Apr 15, 2025risk 0.00cvss —epss 0.00
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.
- CVE-2024-52611Feb 11, 2025risk 0.00cvss —epss 0.00
The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.
- CVE-2024-52612Feb 11, 2025risk 0.00cvss —epss 0.01
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable.
- CVE-2024-52606Feb 11, 2025risk 0.00cvss —epss 0.02
SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.
- CVE-2024-45717Dec 4, 2024risk 0.00cvss —epss 0.00
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.
- CVE-2024-45714Oct 16, 2024risk 0.00cvss —epss 0.01
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.
- CVE-2024-45715Oct 16, 2024risk 0.00cvss —epss 0.00
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.
- CVE-2024-45710Oct 16, 2024risk 0.00cvss —epss 0.00
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.
- CVE-2024-29004Jun 4, 2024risk 0.00cvss —epss 0.00
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
- CVE-2024-28996Jun 4, 2024risk 0.00cvss —epss 0.00
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.
- CVE-2024-29000May 20, 2024risk 0.00cvss —epss 0.00
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
- CVE-2024-28072May 3, 2024risk 0.00cvss —epss 0.01
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.
- CVE-2024-29003Apr 18, 2024risk 0.00cvss —epss 0.01
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.
- CVE-2024-29001Apr 18, 2024risk 0.00cvss —epss 0.01
A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited.
- CVE-2024-28076Apr 18, 2024risk 0.00cvss —epss 0.00
The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format
- CVE-2023-35188Feb 6, 2024risk 0.00cvss —epss 0.02
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited.
- CVE-2023-50395Feb 6, 2024risk 0.00cvss —epss 0.02
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited
- CVE-2023-40053Dec 6, 2023risk 0.00cvss —epss 0.01
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.
- CVE-2023-40056Nov 28, 2023risk 0.00cvss —epss 0.05
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account.
- CVE-2023-40055Nov 9, 2023risk 0.00cvss —epss 0.02
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227
- CVE-2023-40054Nov 9, 2023risk 0.00cvss —epss 0.03
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226
- CVE-2023-33228Nov 1, 2023risk 0.00cvss —epss 0.00
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.
- CVE-2023-33227Nov 1, 2023risk 0.00cvss —epss 0.02
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges.
- CVE-2023-33226Nov 1, 2023risk 0.00cvss —epss 0.02
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.
- CVE-2023-40061Nov 1, 2023risk 0.00cvss —epss 0.00
Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result.
- CVE-2023-40062Nov 1, 2023risk 0.00cvss —epss 0.03
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.
- CVE-2023-23845Sep 13, 2023risk 0.00cvss —epss 0.05
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
- CVE-2023-23840Sep 13, 2023risk 0.00cvss —epss 0.05
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
- CVE-2023-40060Sep 7, 2023risk 0.00cvss —epss 0.01
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the…
- CVE-2023-35179Aug 10, 2023risk 0.00cvss —epss 0.01
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.
- CVE-2023-29505Aug 4, 2023risk 0.00cvss —epss 0.01
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.
- CVE-2023-23842Jul 26, 2023risk 0.00cvss —epss 0.03
The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.
- CVE-2023-3622Jul 26, 2023risk 0.00cvss —epss 0.01
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource
- CVE-2023-33229Jul 26, 2023risk 0.00cvss —epss 0.01
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.
- CVE-2023-23843Jul 26, 2023risk 0.00cvss —epss 0.03
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.
- CVE-2023-33224Jul 26, 2023risk 0.00cvss —epss 0.03
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
- CVE-2023-33225Jul 26, 2023risk 0.00cvss —epss 0.03
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
- CVE-2023-23844Jul 26, 2023risk 0.00cvss —epss 0.03
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
- CVE-2023-33231Jul 18, 2023risk 0.00cvss —epss 0.00
XSS attack was possible in DPA 2023.2 due to insufficient input validation
- CVE-2023-23837Apr 25, 2023risk 0.00cvss —epss 0.01
No exception handling vulnerability which revealed sensitive or excessive information to users.
- CVE-2023-23838Apr 25, 2023risk 0.00cvss —epss 0.01
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
- CVE-2023-23839Apr 25, 2023risk 0.00cvss —epss 0.01
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.
Page 3 of 6