| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction. |
| A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited. |
| The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format |
| SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.
|
| The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. |
| The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.
|
| The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
|
| The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.
|
| Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
|
| No exception handling vulnerability which revealed sensitive or excessive information to users.
|
| The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.
|
|
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data.
|
| The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. |
| The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. |
| The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.
|
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. |
| It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability. |
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.
|
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.
|
