Shodan
Vulnerabilities
Vulnerable Software
Solarwinds:  Security Vulnerabilities
CVE-2022-36964
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.014
Published
2022-11-29
CVE-2022-38113
This vulnerability discloses build and services versions in the server response header.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-11-23
CVE-2022-38114
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-11-23
CVE-2022-38115
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT
CVSS Score
5.3
EPSS Score
0.003
Published
2022-11-23
CVE-2021-35246
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-11-23
CVE-2022-36966
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-10-20
CVE-2022-38108
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVSS Score
7.2
EPSS Score
0.854
Published
2022-10-20
CVE-2022-36957
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVSS Score
7.2
EPSS Score
0.01
Published
2022-10-20
CVE-2022-36958
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.128
Published
2022-10-20
CVE-2022-38107
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-10-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved