Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-36964
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Solarwinds Orion Platform 2020.2.6
Solarwinds Orion Platform
Solarwinds Orion Platform 2022.2
Solarwinds Orion Platform 2022.3
NA
CVE-2022-36966
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
Solarwinds Orion Platform 2020.2.6
Solarwinds Orion Platform
Solarwinds Orion Platform 2022.2
Solarwinds Orion Platform 2022.3
10
CVSSv2
CVE-2012-2576
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager prior to 5.1.2, SolarWinds Storage Profiler prior to 5.1.2, and SolarWinds Backup Profiler prior to 5.1.2 allows remote malicious users to execute arbitrary SQL commands via the loginName field.
Solarwinds Storage Profiler
Solarwinds Backup Profiler
Solarwinds Storage Manager
1 EDB exploit
10
CVSSv2
CVE-2009-4006
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions prior to 9.1.0.0 allows remote malicious users to execute arbitrary code via a long hexadecimal string.
Solarwinds Serv-u File Server 7.1.0.0
Solarwinds Serv-u File Server 7.4.0.1
Solarwinds Serv-u File Server 8.2.0.3
Solarwinds Serv-u File Server 8.0.0.5
Solarwinds Serv-u File Server 8.0.0.1
Solarwinds Serv-u File Server 9.0.0.1
Solarwinds Serv-u File Server 7.0.0.3
Solarwinds Serv-u File Server 7.0.0.1
Solarwinds Serv-u File Server 7.3.0.1
Solarwinds Serv-u File Server 7.3.0.0
Solarwinds Serv-u File Server 8.2.0.0
Solarwinds Serv-u File Server 8.2.0.1
Solarwinds Serv-u File Server 9.1.0.0
Solarwinds Serv-u File Server 7.1.0.1
Solarwinds Serv-u File Server 7.1.0.2
Solarwinds Serv-u File Server 7.3.0.2
Solarwinds Serv-u File Server 7.4.0.0
Solarwinds Serv-u File Server 8.1.0.1
Solarwinds Serv-u File Server 8.1.0.3
Solarwinds Serv-u File Server 7.0.0.4
Solarwinds Serv-u File Server 7.0.0.2
Solarwinds Serv-u File Server 7.2.0.0
1 EDB exploit
NA
CVE-2023-33224
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
Solarwinds Solarwinds Platform
NA
CVE-2023-33225
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
Solarwinds Solarwinds Platform
NA
CVE-2023-33229
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.
Solarwinds Solarwinds Platform
NA
CVE-2022-36965
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).
Solarwinds Solarwinds Platform
NA
CVE-2023-35188
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited.
Solarwinds Solarwinds Platform
NA
CVE-2023-23839
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.
Solarwinds Solarwinds Platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »