Filtered by vendor Solarwinds
Subscribe
Total
290 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12897 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow. | |||||
| CVE-2018-10241 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring. | |||||
| CVE-2018-10240 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5.0 MEDIUM | 7.3 HIGH |
| SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session. | |||||
| CVE-2024-45715 | 1 Solarwinds | 1 Solarwinds Platform | 2024-10-30 | N/A | 6.1 MEDIUM |
| The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. | |||||
| CVE-2024-45714 | 1 Solarwinds | 1 Serv-u | 2024-10-30 | N/A | 4.1 MEDIUM |
| Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | |||||
| CVE-2024-45710 | 1 Solarwinds | 1 Solarwinds Platform | 2024-10-17 | N/A | 7.8 HIGH |
| SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. | |||||
| CVE-2024-45711 | 1 Solarwinds | 1 Serv-u | 2024-10-17 | N/A | 8.8 HIGH |
| SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability | |||||
| CVE-2024-28991 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-16 | N/A | 8.8 HIGH |
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. | |||||
| CVE-2024-28990 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-16 | N/A | 9.8 CRITICAL |
| SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | |||||
| CVE-2024-28986 | 1 Solarwinds | 1 Web Help Desk | 2024-08-16 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. | |||||