Solarwinds: Security Vulnerabilities
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution.
CVSS Score
8.8
EPSS Score
0.106
Published
2023-10-19
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.
CVSS Score
6.8
EPSS Score
0.002
Published
2023-10-19
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.
CVSS Score
8.0
EPSS Score
0.096
Published
2023-10-19
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution.
CVSS Score
8.8
EPSS Score
0.02
Published
2023-10-19
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.
CVSS Score
8.0
EPSS Score
0.491
Published
2023-10-19
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-10-19
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
CVSS Score
6.8
EPSS Score
0.003
Published
2023-09-13
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
CVSS Score
6.8
EPSS Score
0.003
Published
2023-09-13
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.
15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1.
CVSS Score
7.2
EPSS Score
0.0
Published
2023-09-07
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-08-11