cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45710,https://securityvulnerability.io/vulnerability/CVE-2024-45710,Uncontrolled Search Path Element Local Privilege Escalation Vulnerability Affects SolarWinds Platform,"The SolarWinds Platform is affected by a vulnerability that allows local privilege escalation due to an uncontrolled search path element. This vulnerability requires an attacker to possess a low privilege account and local access to the affected machine. Exploitation could potentially lead to unauthorized access or manipulation of system resources, thereby compromising the integrity and security of the affected system.",SolarWinds,Solarwinds Platform,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T08:15:00.000Z,0
CVE-2024-45711,https://securityvulnerability.io/vulnerability/CVE-2024-45711,SolarWinds Serv-U Directory Traversal Vulnerability,"The vulnerability in SolarWinds Serv-U presents a directory traversal flaw that allows an authenticated user to exploit the system by manipulating software environment variables. This exploitation can lead to remote code execution, contingent on the privileges assigned to the authenticated user. It is essential for organizations utilizing affected versions of Serv-U to review their access controls and mitigate the risks associated with this vulnerability.",SolarWinds,Serv-u,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-16T08:15:00.000Z,0
CVE-2024-28991,https://securityvulnerability.io/vulnerability/CVE-2024-28991,Remote Code Execution Vulnerability Affects SolarWinds ARM,"The SolarWinds Access Rights Manager (ARM) has a vulnerability that enables remote code execution when an authenticated user manipulates the service.
This flaw allows potential abuse that could lead to the execution of arbitrary code on the server. Organizations using this version of ARM should take immediate action to mitigate risks associated with this vulnerability, which can have serious implications for data integrity and system security.",Solarwinds,Access Rights Manager,8.8,HIGH,0.0013800000306218863,false,,true,false,true,2024-09-16T00:00:00.000Z,,true,false,,2024-09-12T13:17:30.721Z,4416
CVE-2024-28990,https://securityvulnerability.io/vulnerability/CVE-2024-28990,SolarWinds ARM Has a Hard-Coded Credential Bypass Vulnerability,"The SolarWinds Access Rights Manager (ARM) is affected by a serious authentication bypass due to the presence of hard-coded credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the RabbitMQ management console, potentially compromising sensitive data and system configurations. This flaw emphasizes the importance of strong authentication measures and regular security assessments in application management. SolarWinds acknowledges the issue and collaborates with security experts to mitigate such vulnerabilities promptly.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0019600000232458115,false,,false,false,false,,,false,false,,2024-09-12T13:16:35.586Z,0
CVE-2024-28987,https://securityvulnerability.io/vulnerability/CVE-2024-28987,Unauthenticated Access to Internal Functionality and Data via Hardcoded Credentials,"The SolarWinds Web Help Desk software is susceptible to a hardcoded credential vulnerability that enables remote unauthenticated users to gain unauthorized access to the system's internal functionalities. This security flaw allows attackers to manipulate and modify critical data, potentially leading to severe implications for organizations relying on this software for managing their help desk services.
Immediate attention to this vulnerability is essential in order to safeguard sensitive information and maintain operational integrity.",Solarwinds,Web Help Desk,9.1,CRITICAL,0.961929976940155,true,2024-10-15T00:00:00.000Z,true,false,true,2024-08-22T16:01:41.000Z,true,true,false,,2024-08-21T22:15:00.000Z,4932
CVE-2024-28986,https://securityvulnerability.io/vulnerability/CVE-2024-28986,SolarWinds Web Help Desk Vulnerable to Remote Code Execution,"CVE-2024-28986 is a critical vulnerability in SolarWinds Web Help Desk, allowing attackers to run commands on the host machine. It is a Java deserialization vulnerability affecting versions 12.4 through 12.8 of the software. SolarWinds has released a patch (version 12.8.3) and a hotfix (Web Help Desk 12.8.3 Hotfix 1) that customers are urged to install immediately. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalog, indicating active interest from threat actors. The exploitation of this vulnerability can have severe impacts, and organizations are advised to follow SolarWinds' instructions for installing the patch and hotfix as a matter of urgency.",Solarwinds,Web Help Desk,9.8,CRITICAL,0.026179999113082886,true,2024-08-15T00:00:00.000Z,true,false,true,2024-08-15T00:00:00.000Z,,false,false,,2024-08-13T23:15:00.000Z,0
CVE-2024-23471,https://securityvulnerability.io/vulnerability/CVE-2024-23471,Authentication Bypass Vulnerability Affects SolarWinds Access Rights Manager,"The SolarWinds Access Rights Manager has a vulnerability that enables authenticated users to exploit a specific service, leading to the potential for Remote Code Execution. This results in severe security implications, as malicious actors could execute arbitrary code on the affected system, potentially compromising sensitive information and operational integrity.
Organizations utilizing Access Rights Manager are advised to review their security practices and implement necessary mitigations to protect against possible exploits.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.002850000048056245,false,,false,false,false,,,false,false,,2024-07-17T14:31:28.669Z,0
CVE-2024-23470,https://securityvulnerability.io/vulnerability/CVE-2024-23470,Unauthorized Remote Code Execution Vulnerability Affects Access Rights Manager,"The SolarWinds Access Rights Manager contains a vulnerability that enables pre-authentication remote code execution. This flaw permits an unauthenticated attacker to execute arbitrary commands and scripts on the affected system. Exploitation of this vulnerability poses significant risks, as it can lead to unauthorized access and potential compromise of sensitive data within the organization. It is crucial for users of Access Rights Manager to apply necessary security patches and monitor their environments for signs of exploitation.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.002850000048056245,false,,false,false,false,,,false,false,,2024-07-17T14:30:37.081Z,0
CVE-2024-28074,https://securityvulnerability.io/vulnerability/CVE-2024-28074,SolarWinds Access Rights Manager Vulnerability Remains Unfixed Despite Prior Attempts to Address,"A vulnerability has been identified in SolarWinds Access Rights Manager where a prior issue was not entirely resolved. Despite the implementation of certain security measures, a researcher discovered a method to circumvent those controls, thereby allowing exploitation of the vulnerability through an alternative approach.
This situation highlights the importance of ongoing security assessments and the need for robust measures to mitigate the risk of unauthorized access.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0020000000949949026,false,,false,false,false,,,false,false,,2024-07-17T14:29:39.778Z,0
CVE-2024-23467,https://securityvulnerability.io/vulnerability/CVE-2024-23467,SolarWinds Access Rights Manager vulnerable to Directory Traversal and Information Disclosure Attack,"The vulnerability found in SolarWinds Access Rights Manager pertains to directory traversal and information disclosure. It permits unauthenticated individuals to manipulate file system paths, thereby accessing sensitive files outside the intended directory structure. This issue poses significant risks, including the potential for remote code execution, which can be exploited to compromise systems and data integrity. Users of affected versions should consider implementing immediate remediation measures to protect their environments.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0033400000538676977,false,,false,false,false,,,false,false,,2024-07-17T14:28:57.869Z,0
CVE-2024-23466,https://securityvulnerability.io/vulnerability/CVE-2024-23466,Unauthenticated Directory Traversal Vulnerability Affects SolarWinds ARM,"SolarWinds Access Rights Manager (ARM) has a significant vulnerability that allows for potential exploitation via Directory Traversal, enabling unauthenticated users to execute commands with SYSTEM privileges. This vulnerability can lead to severe security implications, including unauthorized access and control over sensitive data and system functionality.
Organizations using affected versions of SolarWinds ARM should take immediate action to mitigate risks associated with exploitation.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0033400000538676977,false,,false,false,false,,,false,false,,2024-07-17T14:28:17.041Z,0
CVE-2024-23465,https://securityvulnerability.io/vulnerability/CVE-2024-23465,Unauthenticated Domain Admin Access Vulnerability Discovered in SolarWinds Access Rights Manager,"The Access Rights Manager by SolarWinds has a vulnerability that permits unauthenticated users to exploit an authentication bypass flaw, granting them domain admin access within an Active Directory environment. This scenario poses significant security risks, as it allows attackers to escalate privileges and potentially compromise sensitive data and resources within an organization's network.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.002460000105202198,false,,false,false,false,,,false,false,,2024-07-17T14:27:31.092Z,0
CVE-2024-23469,https://securityvulnerability.io/vulnerability/CVE-2024-23469,SolarWinds ARM Vulnerable to Remote Code Execution,"The vulnerability in SolarWinds Access Rights Manager (ARM) enables an unauthenticated user to exploit a Remote Code Execution flaw. By taking advantage of this weakness, attackers can execute arbitrary commands with SYSTEM-level privileges, potentially allowing them to gain unauthorized access to sensitive data and systems.
This poses a significant risk as it could lead to widespread infiltration of affected networks, highlighting the need for immediate patching and security measures.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0016499999910593033,false,,false,false,false,,,false,false,,2024-07-17T14:26:47.787Z,0
CVE-2024-23475,https://securityvulnerability.io/vulnerability/CVE-2024-23475,Unauthenticated Arbitrary File Deletion and Information Disclosure Vulnerability Affects SolarWinds Access Rights Manager,"The SolarWinds Access Rights Manager is subject to a vulnerability that enables an unauthenticated user to exploit Directory Traversal, potentially leading to arbitrary file deletions and the exposure of sensitive information. This flaw poses a significant risk in environments where Access Rights Manager is deployed, as attackers could leverage it to manipulate access controls and gain unauthorized insights into sensitive data.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0027199999894946814,false,,false,false,false,,,false,false,,2024-07-17T14:26:02.809Z,0
CVE-2024-23472,https://securityvulnerability.io/vulnerability/CVE-2024-23472,ARM Vulnerable to Directory Traversal,"SolarWinds Access Rights Manager (ARM) is vulnerable to a Directory Traversal issue that permits an authenticated user to read and delete arbitrary files within the system. This vulnerability poses significant risks as it can be exploited to gain unauthorized access to sensitive data, leading to potential data loss or compromise.",Solarwinds,Access Rights Manager,8.8,HIGH,0.0016299999551847577,false,,false,false,false,,,false,false,,2024-07-17T14:25:20.607Z,0
CVE-2024-28993,https://securityvulnerability.io/vulnerability/CVE-2024-28993,SolarWinds Access Rights Manager Vulnerability Allows Unauthorized File Deletion and Information Disclosure,"The SolarWinds Access Rights Manager is vulnerable to a directory traversal and information disclosure issue.
This flaw enables an unauthenticated user to exploit the system by deleting arbitrary files and potentially accessing sensitive data. The exposure can lead to severe security breaches and unauthorized access to critical information, making it essential for organizations using this product to apply the necessary mitigations outlined in the release notes.",Solarwinds,Access Rights Manager,9.4,CRITICAL,0.0008999999845400453,false,,false,false,false,,,false,false,,2024-07-17T14:24:42.745Z,0
CVE-2024-28992,https://securityvulnerability.io/vulnerability/CVE-2024-28992,Unauthenticated File Deletion and Information Disclosure Vulnerability in SolarWinds Access Rights Manager,"The SolarWinds Access Rights Manager is affected by a vulnerability that exposes it to directory traversal and information disclosure issues. This vulnerability enables unauthenticated attackers to manipulate the file structure, leading to arbitrary file deletions. Additionally, sensitive information may be leaked, thereby compromising the confidentiality and integrity of the system. Organizations using the affected versions of this product should evaluate their security measures promptly.",Solarwinds,Access Rights Manager,9.4,CRITICAL,0.002360000042244792,false,,false,false,false,,,false,false,,2024-07-17T14:23:50.488Z,0
CVE-2024-23468,https://securityvulnerability.io/vulnerability/CVE-2024-23468,SolarWinds Access Rights Manager Vulnerable to Directory Traversal and Information Disclosure,"The security flaw in SolarWinds Access Rights Manager manifests as a Directory Traversal and Information Disclosure vulnerability. The issue allows unauthorized users to traverse directory structures, leading to the potential for arbitrary file deletion and exposure of confidential information.
This can significantly compromise data integrity and confidentiality, making it critical for users and organizations to review their security posture and implement necessary mitigations.",Solarwinds,Access Rights Manager,9.4,CRITICAL,0.002309999894350767,false,,false,false,false,,,false,false,,2024-07-17T14:23:05.079Z,0
CVE-2024-23474,https://securityvulnerability.io/vulnerability/CVE-2024-23474,SolarWinds Access Rights Manager Vulnerable to File Deletion and Information Disclosure,The SolarWinds Access Rights Manager is vulnerable to issues that allow unauthorized arbitrary file deletion as well as potential information disclosure. This vulnerability arises from improper handling of file operations and needs to be addressed promptly to secure sensitive data and maintain system integrity.,Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0027199999894946814,false,,false,false,false,,,false,false,,2024-07-17T14:22:19.833Z,0
CVE-2024-28995,https://securityvulnerability.io/vulnerability/CVE-2024-28995,SolarWinds Serv-U Vulnerable to Directory Traversal Attack,"A directory traversal vulnerability exists in SolarWinds Serv-U that enables an attacker to exploit the software's file access controls. By manipulating file paths, unauthorized users may gain access to sensitive files located on the host machine, which could lead to information disclosure and potential further exploitation of the system.
It is essential for users of the affected products to apply the latest security updates to mitigate the risks associated with this vulnerability.",Solarwinds,Solarwinds Serv-u,7.5,HIGH,0.9649999737739563,true,2024-07-17T00:00:00.000Z,true,true,true,2024-06-07T17:52:43.000Z,true,true,false,,2024-06-06T09:01:23.314Z,8346
CVE-2024-28999,https://securityvulnerability.io/vulnerability/CVE-2024-28999,SolarWinds Platform Affected by Race Condition Vulnerability,"A race condition vulnerability has been identified in the web console of the SolarWinds Platform, allowing an attacker to exploit timing issues in the execution of code. This may lead to unauthorized access or manipulation of sensitive information. Patching and updating to the latest version is essential for maintaining system integrity and security. Users are strongly advised to implement the recommended mitigation strategies to protect their installations.",Solarwinds,Solarwinds Platform,8.1,HIGH,0.020339999347925186,false,,false,false,true,2024-06-22T22:39:56.000Z,true,false,false,,2024-06-04T14:51:56.682Z,0
CVE-2024-28996,https://securityvulnerability.io/vulnerability/CVE-2024-28996,SolarWinds Platform Affected by SWQL Injection Vulnerability,"The SolarWinds Platform is susceptible to an SWQL Injection vulnerability that could allow attackers to manipulate queries executed against the database. This vulnerability presents high attack complexity, which means that exploiting it requires a certain level of skill or access.
The issue can potentially lead to unauthorized data access or system compromise, highlighting the importance of applying security updates promptly.",Solarwinds,Solarwinds Platform,8.1,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-04T14:49:53.075Z,0
CVE-2024-28075,https://securityvulnerability.io/vulnerability/CVE-2024-28075,SolarWinds Access Rights Manager Vulnerable to Remote Code Execution,"The Access Rights Manager from SolarWinds is identified as having a vulnerability that permits remote code execution when exploited by an authenticated user. This flaw takes advantage of weaknesses in the service management, allowing unauthorized execution of code on the affected system. Organizations utilizing the Access Rights Manager should apply relevant updates and closely monitor for any unauthorized activities to safeguard their systems against potential exploitation.",Solarwinds,Access Rights Manager,8.8,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2024-05-14T15:13:00.000Z,0
CVE-2024-23473,https://securityvulnerability.io/vulnerability/CVE-2024-23473,SolarWinds Access Rights Manager Vulnerability Allows Bypass of Credential Authentication,"The SolarWinds Access Rights Manager contains a hard-coded credential vulnerability that allows attackers to bypass authentication. This flaw may enable unauthorized access to the RabbitMQ management console, posing security risks for organizations relying on this product for access control and management.
Organizations using affected versions should assess their exposure and implement necessary security measures to mitigate potential risks.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0023499999660998583,false,,false,false,false,,,false,false,,2024-05-14T14:59:00.000Z,0
CVE-2024-29001,https://securityvulnerability.io/vulnerability/CVE-2024-29001,"SolarWinds Platform SWQL Injection Vulnerability","A SWQL injection vulnerability exists within the user interface of the SolarWinds Platform, which necessitates authentication and user interaction for exploitation. This security flaw could potentially allow an attacker to manipulate SWQL queries executed by the application, leading to unauthorized access and compromised data integrity. Users of affected versions should remain vigilant and consider applying any available patches or updates as recommended in the official advisories to mitigate risks associated with this vulnerability.",Solarwinds,Solarwinds Platform,8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-04-18T09:15:00.000Z,0