Shodan
Vulnerabilities
Vulnerable Software
Solarwinds:  Security Vulnerabilities
CVE-2022-47503
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVSS Score
7.2
EPSS Score
0.008
Published
2023-02-15
CVE-2022-47504
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVSS Score
7.2
EPSS Score
0.008
Published
2023-02-15
CVE-2022-47012
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-01-20
CVE-2022-38110
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
CVSS Score
5.4
EPSS Score
0.008
Published
2023-01-20
CVE-2022-38112
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-01-20
CVE-2022-47512
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected
CVSS Score
5.5
EPSS Score
0.0
Published
2022-12-19
CVE-2022-38106
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.
CVSS Score
5.4
EPSS Score
0.009
Published
2022-12-16
CVE-2021-35252
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-12-16
CVE-2022-36960
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-11-29
CVE-2022-36962
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-11-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved