cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-52611,https://securityvulnerability.io/vulnerability/CVE-2024-52611,Information Disclosure Vulnerability in SolarWinds Platform,"The SolarWinds Platform contains an information disclosure vulnerability that can be exploited via an error message. Although the disclosed data is not sensitive, it may provide attackers with useful information that facilitates further malicious activities. This highlights the need for users to be aware of the potential risks and apply necessary updates to safeguard their systems.",Solarwinds,Solarwinds Platform,3.5,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-11T07:25:02.977Z,0
CVE-2024-52612,https://securityvulnerability.io/vulnerability/CVE-2024-52612,Reflected Cross-Site Scripting Vulnerability in SolarWinds Platform,"The SolarWinds Platform is impacted by a reflected cross-site scripting vulnerability stemming from inadequate sanitization of input parameters. Attackers with access to high-privileged accounts could exploit this flaw, potentially allowing them to execute malicious scripts in users' browsers. Organizations using the SolarWinds Platform should be aware of this vulnerability and review their user account access policies.",Solarwinds,Solarwinds Platform,6.8,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T07:21:17.835Z,0
CVE-2024-45718,https://securityvulnerability.io/vulnerability/CVE-2024-45718,Configuration File Sensitivity Exposure in SolarWinds Products,"A vulnerability exists that may allow non-privileged users to access sensitive information stored in a configuration file. This scenario requires local access to the system with a low-privileged account, which can grant unauthorized individuals visibility into sensitive data. It is crucial for organizations using affected SolarWinds products to review their access controls and mitigate potential risks associated with this exposure.",Solarwinds,Kiwi Syslog Ng,4.6,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T07:19:21.975Z,0
CVE-2024-52606,https://securityvulnerability.io/vulnerability/CVE-2024-52606,Server-Side Request Forgery in SolarWinds Platform,"The SolarWinds Platform is susceptible to a server-side request forgery vulnerability due to inadequate input sanitation. This flaw enables malicious actors to craft deceptive web requests, potentially leading to unauthorized access to internal services and sensitive data leakage. Users are advised to review their configuration and update to the latest version to mitigate this risk.",Solarwinds,Solarwinds,3.5,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-11T07:17:05.645Z,0
CVE-2024-28989,https://securityvulnerability.io/vulnerability/CVE-2024-28989,Cryptographic Key Exposure in SolarWinds Web Help Desk,"SolarWinds Web Help Desk has been identified with a serious vulnerability linked to a hardcoded cryptographic key. This flaw enables unauthorized access to sensitive information stored within the application, posing a risk of data leaks and breaches. Organizations using affected versions of the product are encouraged to review their security measures and update to the latest version to mitigate potential threats.",Solarwinds,Web Help Desk,5.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T07:13:05.768Z,0
CVE-2024-45709,https://securityvulnerability.io/vulnerability/CVE-2024-45709,SolarWinds Web Help Desk vulnerability only affects limited installations,SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.,Solarwinds,Web Help Desk,5.3,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2024-12-10T08:20:06.921Z,0
CVE-2024-45717,https://securityvulnerability.io/vulnerability/CVE-2024-45717,SolarWinds Platform Vulnerable to XSS Attack,"The SolarWinds Platform is vulnerable to a Cross-Site Scripting (XSS) attack that impacts the search and node information sections of its user interface. This flaw necessitates that users are authenticated and engage with the interface for the exploitation to occur. The XSS vulnerability could allow an attacker to inject malicious scripts into web pages viewed by other users, leading to unauthorized access to sensitive information or manipulation of user sessions.",Solarwinds,Solarwinds Platform,4.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T07:15:00.000Z,0
CVE-2024-45713,https://securityvulnerability.io/vulnerability/CVE-2024-45713,SolarWinds Kiwi CatTools Vulnerability: Sensitive Data at Risk,SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes.,Solarwinds,Kiwi Cattools,5.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-17T11:02:33.170Z,0
CVE-2024-45711,https://securityvulnerability.io/vulnerability/CVE-2024-45711,SolarWinds Serv-U Directory Traversal Vulnerability,"The vulnerability in SolarWinds Serv-U presents a directory traversal flaw that allows an authenticated user to exploit the system by manipulating software environment variables. This exploitation can lead to remote code execution, contingent on the privileges assigned to the authenticated user. It is essential for organizations utilizing affected versions of Serv-U to review their access controls and mitigate the risks associated with this vulnerability.",SolarWinds,Serv-u,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-16T08:15:00.000Z,0
CVE-2024-45715,https://securityvulnerability.io/vulnerability/CVE-2024-45715,SolarWinds Platform Vulnerable to Cross-Site Scripting Attack,The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.,SolarWinds,Solarwinds Platform,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-16T08:15:00.000Z,0
CVE-2024-45710,https://securityvulnerability.io/vulnerability/CVE-2024-45710,Uncontrolled Search Path Element Local Privilege Escalation Vulnerability Affects SolarWinds Platform,"The SolarWinds Platform is affected by a vulnerability that allows local privilege escalation due to an uncontrolled search path element. This vulnerability requires an attacker to possess a low privilege account and local access to the affected machine. Exploitation could potentially lead to unauthorized access or manipulation of system resources, thereby compromising the integrity and security of the affected system.",SolarWinds,Solarwinds Platform,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T08:15:00.000Z,0
CVE-2024-28991,https://securityvulnerability.io/vulnerability/CVE-2024-28991,Remote Code Execution Vulnerability Affects SolarWinds ARM,"The SolarWinds Access Rights Manager (ARM) has a vulnerability that enables remote code execution when an authenticated user manipulates the service. This flaw allows potential abuse that could lead to the execution of arbitrary code on the server. Organizations using this version of ARM should take immediate action to mitigate risks associated with this vulnerability, which can have serious implications for data integrity and system security.",Solarwinds,Access Rights Manager,8.8,HIGH,0.0013800000306218863,false,,true,false,true,2024-09-16T00:00:00.000Z,,true,false,,2024-09-12T13:17:30.721Z,4416
CVE-2024-28990,https://securityvulnerability.io/vulnerability/CVE-2024-28990,SolarWinds ARM Has a Hard-Coded Credential Bypass Vulnerability,"The SolarWinds Access Rights Manager (ARM) is affected by a serious authentication bypass due to the presence of hard-coded credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the RabbitMQ management console, potentially compromising sensitive data and system configurations. This flaw emphasizes the importance of strong authentication measures and regular security assessments in application management. SolarWinds acknowledges the issue and collaborates with security experts to mitigate such vulnerabilities promptly.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0019600000232458115,false,,false,false,false,,,false,false,,2024-09-12T13:16:35.586Z,0
CVE-2024-28987,https://securityvulnerability.io/vulnerability/CVE-2024-28987,Unauthenticated Access to Internal Functionality and Data via Hardcoded Credentials,"The SolarWinds Web Help Desk software is susceptible to a hardcoded credential vulnerability that enables remote unauthenticated users to gain unauthorized access to the system's internal functionalities. This security flaw allows attackers to manipulate and modify critical data, potentially leading to severe implications for organizations relying on this software for managing their help desk services. Immediate attention to this vulnerability is essential in order to safeguard sensitive information and maintain operational integrity.",Solarwinds,Web Help Desk,9.1,CRITICAL,0.961929976940155,true,2024-10-15T00:00:00.000Z,true,false,true,2024-08-22T16:01:41.000Z,true,true,false,,2024-08-21T22:15:00.000Z,4932
CVE-2024-28986,https://securityvulnerability.io/vulnerability/CVE-2024-28986,SolarWinds Web Help Desk Vulnerable to Remote Code Execution,"CVE-2024-28986 is a critical vulnerability in SolarWinds Web Help Desk, allowing attackers to run commands on the host machine. It is a Java deserialization vulnerability affecting versions 12.4 through 12.8 of the software. SolarWinds has released a patch (version 12.8.3) and a hotfix (Web Help Desk 12.8.3 Hotfix 1) that customers are urged to install immediately. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalog, indicating active interest from threat actors. The exploitation of this vulnerability can have severe impacts, and organizations are advised to follow SolarWinds' instructions for installing the patch and hotfix as a matter of urgency.",Solarwinds,Web Help Desk,9.8,CRITICAL,0.026179999113082886,true,2024-08-15T00:00:00.000Z,true,false,true,2024-08-15T00:00:00.000Z,,false,false,,2024-08-13T23:15:00.000Z,0
CVE-2024-23471,https://securityvulnerability.io/vulnerability/CVE-2024-23471,Authentication Bypass Vulnerability Affects SolarWinds Access Rights Manager,"The SolarWinds Access Rights Manager has a vulnerability that enables authenticated users to exploit a specific service, leading to the potential for Remote Code Execution. This results in severe security implications, as malicious actors could execute arbitrary code on the affected system, potentially compromising sensitive information and operational integrity. Organizations utilizing Access Rights Manager are advised to review their security practices and implement necessary mitigations to protect against possible exploits.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.002850000048056245,false,,false,false,false,,,false,false,,2024-07-17T14:31:28.669Z,0
CVE-2024-23470,https://securityvulnerability.io/vulnerability/CVE-2024-23470,Unauthorized Remote Code Execution Vulnerability Affects Access Rights Manager,"The SolarWinds Access Rights Manager contains a vulnerability that enables pre-authentication remote code execution. This flaw permits an unauthenticated attacker to execute arbitrary commands and scripts on the affected system. Exploitation of this vulnerability poses significant risks, as it can lead to unauthorized access and potential compromise of sensitive data within the organization. It is crucial for users of Access Rights Manager to apply necessary security patches and monitor their environments for signs of exploitation.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.002850000048056245,false,,false,false,false,,,false,false,,2024-07-17T14:30:37.081Z,0
CVE-2024-28074,https://securityvulnerability.io/vulnerability/CVE-2024-28074,SolarWinds Access Rights Manager Vulnerability Remains Unfixed Despite Prior Attempts to Address,"A vulnerability has been identified in SolarWinds Access Rights Manager where a prior issue was not entirely resolved. Despite the implementation of certain security measures, a researcher discovered a method to circumvent those controls, thereby allowing exploitation of the vulnerability through an alternative approach. This situation highlights the importance of ongoing security assessments and the need for robust measures to mitigate the risk of unauthorized access.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0020000000949949026,false,,false,false,false,,,false,false,,2024-07-17T14:29:39.778Z,0
CVE-2024-23467,https://securityvulnerability.io/vulnerability/CVE-2024-23467,SolarWinds Access Rights Manager vulnerable to Directory Traversal and Information Disclosure Attack,"The vulnerability found in SolarWinds Access Rights Manager pertains to directory traversal and information disclosure. It permits unauthenticated individuals to manipulate file system paths, thereby accessing sensitive files outside the intended directory structure. This issue poses significant risks, including the potential for remote code execution, which can be exploited to compromise systems and data integrity. Users of affected versions should consider implementing immediate remediation measures to protect their environments.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0033400000538676977,false,,false,false,false,,,false,false,,2024-07-17T14:28:57.869Z,0
CVE-2024-23466,https://securityvulnerability.io/vulnerability/CVE-2024-23466,Unauthenticated Directory Traversal Vulnerability Affects SolarWinds ARM,"SolarWinds Access Rights Manager (ARM) has a significant vulnerability that allows for potential exploitation via Directory Traversal, enabling unauthenticated users to execute commands with SYSTEM privileges. This vulnerability can lead to severe security implications, including unauthorized access and control over sensitive data and system functionality. Organizations using affected versions of SolarWinds ARM should take immediate action to mitigate risks associated with exploitation.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0033400000538676977,false,,false,false,false,,,false,false,,2024-07-17T14:28:17.041Z,0
CVE-2024-23465,https://securityvulnerability.io/vulnerability/CVE-2024-23465,Unauthenticated Domain Admin Access Vulnerability Discovered in SolarWinds Access Rights Manager,"The Access Rights Manager by SolarWinds has a vulnerability that permits unauthenticated users to exploit an authentication bypass flaw, granting them domain admin access within an Active Directory environment. This scenario poses significant security risks, as it allows attackers to escalate privileges and potentially compromise sensitive data and resources within an organization's network.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.002460000105202198,false,,false,false,false,,,false,false,,2024-07-17T14:27:31.092Z,0
CVE-2024-23469,https://securityvulnerability.io/vulnerability/CVE-2024-23469,SolarWinds ARM Vulnerable to Remote Code Execution,"The vulnerability in SolarWinds Access Rights Manager (ARM) enables an unauthenticated user to exploit a Remote Code Execution flaw. By taking advantage of this weakness, attackers can execute arbitrary commands with SYSTEM-level privileges, potentially allowing them to gain unauthorized access to sensitive data and systems. This poses a significant risk as it could lead to widespread infiltration of affected networks, highlighting the need for immediate patching and security measures.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0016499999910593033,false,,false,false,false,,,false,false,,2024-07-17T14:26:47.787Z,0
CVE-2024-23475,https://securityvulnerability.io/vulnerability/CVE-2024-23475,Unauthenticated Arbitrary File Deletion and Information Disclosure Vulnerability Affects SolarWinds Access Rights Manager,"The SolarWinds Access Rights Manager is subject to a vulnerability that enables an unauthenticated user to exploit Directory Traversal, potentially leading to arbitrary file deletions and the exposure of sensitive information. This flaw poses a significant risk in environments where Access Rights Manager is deployed, as attackers could leverage it to manipulate access controls and gain unauthorized insights into sensitive data.",Solarwinds,Access Rights Manager,9.8,CRITICAL,0.0027199999894946814,false,,false,false,false,,,false,false,,2024-07-17T14:26:02.809Z,0
CVE-2024-23472,https://securityvulnerability.io/vulnerability/CVE-2024-23472,ARM Vulnerable to Directory Traversal,"SolarWinds Access Rights Manager (ARM) is vulnerable to a Directory Traversal issue that permits an authenticated user to read and delete arbitrary files within the system. This vulnerability poses significant risks as it can be exploited to gain unauthorized access to sensitive data, leading to potential data loss or compromise.",Solarwinds,Access Rights Manager,8.8,HIGH,0.0016299999551847577,false,,false,false,false,,,false,false,,2024-07-17T14:25:20.607Z,0
CVE-2024-28993,https://securityvulnerability.io/vulnerability/CVE-2024-28993,SolarWinds Access Rights Manager Vulnerability Allows Unauthorized File Deletion and Information Disclosure,"The SolarWinds Access Rights Manager is vulnerable to a directory traversal and information disclosure issue. This flaw enables an unauthenticated user to exploit the system by deleting arbitrary files and potentially accessing sensitive data. The exposure can lead to severe security breaches and unauthorized access to critical information, making it essential for organizations using this product to apply the necessary mitigations outlined in the release notes.",Solarwinds,Access Rights Manager,9.4,CRITICAL,0.0008999999845400453,false,,false,false,false,,,false,false,,2024-07-17T14:24:42.745Z,0