cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-40054,https://securityvulnerability.io/vulnerability/CVE-2023-40054,SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability,"The Network Configuration Manager from SolarWinds is exposed to a vulnerability that enables low-level users to exploit directory traversal, gaining access to perform actions with SYSTEM privileges. This flaw allows unauthorized manipulation of system commands and access to sensitive files. Although an attempt to address this issue was made in a previous version (CVE-2023-33226), it remains unresolved, putting users at risk of significant security breaches.",Solarwinds,Network Configuration Manager,8,HIGH,0.003000000026077032,false,,false,false,false,,,false,false,,2023-11-09T15:15:00.000Z,0
CVE-2023-40055,https://securityvulnerability.io/vulnerability/CVE-2023-40055,SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability,"The Network Configuration Manager by SolarWinds is exposed to a directory traversal vulnerability that permits a low-privileged user to execute commands with SYSTEM privileges. This lack of proper input validation not only allows unauthorized access to sensitive files on the system but also enables potential remote code execution. It is important to note that this issue persists and was not adequately addressed in prior vulnerabilities, further compromising the security framework of the application.",Solarwinds,Network Configuration Manager,8,HIGH,0.002630000002682209,false,,false,false,false,,,false,false,,2023-11-09T15:15:00.000Z,0
CVE-2023-33226,https://securityvulnerability.io/vulnerability/CVE-2023-33226,Directory Traversal Remote Code Execution Vulnerability,"The Network Configuration Manager by SolarWinds is vulnerable to a directory traversal flaw that could be exploited by low-privileged users. This weakness allows attackers to execute commands with SYSTEM-level privileges, potentially compromising the integrity and security of the network environment. Users are recommended to update to the latest version and follow security best practices to mitigate risk.",Solarwinds,Network Configuration Manager,8,HIGH,0.006630000192672014,false,,false,false,false,,,false,false,,2023-11-01T16:15:00.000Z,0
CVE-2023-33227,https://securityvulnerability.io/vulnerability/CVE-2023-33227,Directory Traversal Remote Code Execution Vulnerability,"SolarWinds Network Configuration Manager is impacted by a Directory Traversal vulnerability that can be exploited by low-level users to execute commands with SYSTEM privileges. This weakness poses significant risks, allowing unauthorized access and control over the affected system. Implementing the latest security updates is crucial to mitigate the threats associated with this vulnerability.",Solarwinds,Network Configuration Manager,8,HIGH,0.006630000192672014,false,,false,false,false,,,false,false,,2023-11-01T16:15:00.000Z,0
CVE-2023-33228,https://securityvulnerability.io/vulnerability/CVE-2023-33228,SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability,The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.,Solarwinds,Network Configuration Manager,4.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2023-11-01T16:15:00.000Z,0
CVE-2023-23842,https://securityvulnerability.io/vulnerability/CVE-2023-23842,SolarWinds Network Configuration Manager Directory Traversal Vulnerability,"The SolarWinds Network Configuration Manager is exposed to a directory traversal vulnerability that permits authenticated users with administrative privileges to execute unauthorized commands through the SolarWinds Web Console. This flaw could lead to serious security implications, enabling potential attackers to access restricted files and execute further malicious activities on the system. It is crucial for organizations using this software to apply the latest updates and patch this vulnerability to safeguard their network infrastructure.",Solarwinds,Network Configuration Manager,7.2,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-07-26T15:15:00.000Z,0
CVE-2021-35226,https://securityvulnerability.io/vulnerability/CVE-2021-35226,Hashed Credential Exposure Vulnerability,"An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.",Solarwinds,Network Configuration Manager,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-10-10T00:00:00.000Z,0
CVE-2014-9566,https://securityvulnerability.io/vulnerability/CVE-2014-9566,,"Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.",Solarwinds,"Orion Netflow Traffic Analyzer,Orion Web Performance Monitor,Orion Network Configuration Manager,Orion User Device Tracker,Orion Ip Address Manager,Orion Voip \& Network Quality Manager,Orion Server And Application Manager,Orion Network Performance Monitor",,,0.9467399716377258,false,,false,false,false,,,false,false,,2015-03-10T14:00:00.000Z,0
CVE-2014-3459,https://securityvulnerability.io/vulnerability/CVE-2014-3459,,Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.,Solarwinds,Network Configuration Manager,,,0.5922099947929382,false,,false,false,false,,,false,false,,2014-08-07T10:00:00.000Z,0