cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-52611,https://securityvulnerability.io/vulnerability/CVE-2024-52611,Information Disclosure Vulnerability in SolarWinds Platform,"The SolarWinds Platform contains an information disclosure vulnerability that can be exploited via an error message. Although the disclosed data is not sensitive, it may provide attackers with useful information that facilitates further malicious activities. This highlights the need for users to be aware of the potential risks and apply necessary updates to safeguard their systems.",Solarwinds,Solarwinds Platform,3.5,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-11T07:25:02.977Z,0
CVE-2024-52612,https://securityvulnerability.io/vulnerability/CVE-2024-52612,Reflected Cross-Site Scripting Vulnerability in SolarWinds Platform,"The SolarWinds Platform is impacted by a reflected cross-site scripting vulnerability stemming from inadequate sanitization of input parameters. Attackers with access to high-privileged accounts could exploit this flaw, potentially allowing them to execute malicious scripts in users' browsers. Organizations using the SolarWinds Platform should be aware of this vulnerability and review their user account access policies.",Solarwinds,Solarwinds Platform,6.8,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T07:21:17.835Z,0
CVE-2024-45717,https://securityvulnerability.io/vulnerability/CVE-2024-45717,SolarWinds Platform Vulnerable to XSS Attack,"The SolarWinds Platform is vulnerable to a Cross-Site Scripting (XSS) attack that impacts the search and node information sections of its user interface. This flaw necessitates that users are authenticated and engage with the interface for the exploitation to occur. The XSS vulnerability could allow an attacker to inject malicious scripts into web pages viewed by other users, leading to unauthorized access to sensitive information or manipulation of user sessions.",Solarwinds,Solarwinds Platform,4.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T07:15:00.000Z,0
CVE-2024-45715,https://securityvulnerability.io/vulnerability/CVE-2024-45715,SolarWinds Platform Vulnerable to Cross-Site Scripting Attack,The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.,SolarWinds,Solarwinds Platform,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-16T08:15:00.000Z,0
CVE-2024-45710,https://securityvulnerability.io/vulnerability/CVE-2024-45710,Uncontrolled Search Path Element Local Privilege Escalation Vulnerability Affects SolarWinds Platform,"The SolarWinds Platform is affected by a vulnerability that allows local privilege escalation due to an uncontrolled search path element. This vulnerability requires an attacker to possess a low privilege account and local access to the affected machine. Exploitation could potentially lead to unauthorized access or manipulation of system resources, thereby compromising the integrity and security of the affected system.",SolarWinds,Solarwinds Platform,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T08:15:00.000Z,0
CVE-2024-29004,https://securityvulnerability.io/vulnerability/CVE-2024-29004,SolarWinds Platform Vulnerable to Stored Cross-Site Scripting,"The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.  ",Solarwinds,Solarwinds Platform,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-04T14:53:26.256Z,0
CVE-2024-28999,https://securityvulnerability.io/vulnerability/CVE-2024-28999,SolarWinds Platform Affected by Race Condition Vulnerability,"A race condition vulnerability has been identified in the web console of the SolarWinds Platform, allowing an attacker to exploit timing issues in the execution of code. This may lead to unauthorized access or manipulation of sensitive information. Patching and updating to the latest version is essential for maintaining system integrity and security. Users are strongly advised to implement the recommended mitigation strategies to protect their installations.",Solarwinds,Solarwinds Platform,8.1,HIGH,0.020339999347925186,false,,false,false,true,2024-06-22T22:39:56.000Z,true,false,false,,2024-06-04T14:51:56.682Z,0
CVE-2024-28996,https://securityvulnerability.io/vulnerability/CVE-2024-28996,SolarWinds Platform Affected by SWQL Injection Vulnerability,"The SolarWinds Platform is susceptible to an SWQL Injection vulnerability that could allow attackers to manipulate queries executed against the database. This vulnerability presents high attack complexity, which means that exploiting it requires a certain level of skill or access. The issue can potentially lead to unauthorized data access or system compromise, highlighting the importance of applying security updates promptly.",Solarwinds,Solarwinds Platform,8.1,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-04T14:49:53.075Z,0
CVE-2024-29000,https://securityvulnerability.io/vulnerability/CVE-2024-29000,SolarWinds Platform Vulnerable to Reflected Cross-Site Scripting,"The SolarWinds Platform is susceptible to a reflected cross-site scripting vulnerability found in its web console. This flaw allows attackers to execute arbitrary JavaScript code in the context of a user's browser session. Exploitation of this vulnerability requires user interaction and that the attacker lures a high-privileged user into clicking a malicious link. Given the critical role of the web console in managing network resources, addressing this vulnerability is essential to maintain secure operations within the SolarWinds ecosystem.",Solarwinds,Solarwinds Platform,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-20T19:15:00.000Z,0
CVE-2024-29003,https://securityvulnerability.io/vulnerability/CVE-2024-29003,SolarWinds Platform Vulnerable to XSS Attack,"The SolarWinds Platform is impacted by a cross-site scripting vulnerability specifically found within the maps section of its user interface. This issue can be exploited by authenticated users who interact with the affected UI component, potentially allowing for malicious scripts to be executed within the context of the user's session. Users are encouraged to apply the recommended security patches and updates to mitigate the risk associated with this vulnerability.",Solarwinds,Solarwinds Platform,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-18T10:15:00.000Z,0
CVE-2024-28076,https://securityvulnerability.io/vulnerability/CVE-2024-28076,Arbitrary Open Redirection Vulnerability in SolarWinds Platform,"The vulnerability within the SolarWinds Platform allows an attacker to exploit improper URL parameter handling, leading to arbitrary open redirection attacks. By manipulating URL parameters, an attacker can redirect users to unintended and potentially harmful domains. This poses a significant security risk for organizations utilizing the SolarWinds Platform, as users can be unwittingly redirected to phishing sites or other malicious content. It is essential for users to apply security patches and maintain awareness of their URL handling practices to mitigate this risk.",SolarWinds,Solarwinds Platform,4.7,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-04-18T09:15:00.000Z,0
CVE-2024-29001,https://securityvulnerability.io/vulnerability/CVE-2024-29001,"SolarWinds Platform SWQL Injection Vulnerability ","A SWQL injection vulnerability exists within the user interface of the SolarWinds Platform, which necessitates authentication and user interaction for exploitation. This security flaw could potentially allow an attacker to manipulate SWQL queries executed by the application, leading to unauthorized access and compromised data integrity. Users of affected versions should remain vigilant and consider applying any available patches or updates as recommended in the official advisories to mitigate risks associated with this vulnerability.",Solarwinds,Solarwinds Platform,8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-04-18T09:15:00.000Z,0
CVE-2023-35188,https://securityvulnerability.io/vulnerability/CVE-2023-35188,SolarWinds Platform SQL Injection Remote Code Execution Vulnerability,"An SQL Injection vulnerability exists in the SolarWinds Platform, allowing attackers to execute remote code through crafted SQL queries. The exploitation of this vulnerability necessitates user authentication, posing a significant threat to systems where SolarWinds is employed. Users are advised to review their authentication mechanisms and apply security updates as necessary from the provided advisories to mitigate potential risks.",Solarwinds,"SolarWinds Platform ",8.8,HIGH,0.0017900000093504786,false,,false,false,false,,,false,false,,2024-02-06T16:00:21.973Z,0
CVE-2023-50395,https://securityvulnerability.io/vulnerability/CVE-2023-50395,SolarWinds Platform SQL Injection Remote Code Execution Vulnerability,"A SQL Injection vulnerability has been identified in the SolarWinds Platform, which may allow for remote code execution under specific conditions. This issue involves flawed update statements that can be exploited by an authenticated user, potentially leading to unauthorized actions within the system. Users should review their security measures and apply relevant updates to mitigate risks associated with this vulnerability.",Solarwinds,"SolarWinds Platform ",8.8,HIGH,0.0017900000093504786,false,,false,false,false,,,false,false,,2024-02-06T15:59:48.664Z,0
CVE-2023-40056,https://securityvulnerability.io/vulnerability/CVE-2023-40056,SolarWinds Platform SQL Injection Remote Code Execution Vulnerability,"A vulnerability has been identified in the SolarWinds Platform that allows for SQL Injection attacks, which can be exploited by users with low privileged accounts. This flaw enables attackers to execute arbitrary code remotely, posing a significant security risk. Users are advised to apply security updates promptly to mitigate potential threats associated with this vulnerability.",Solarwinds,"SolarWinds Platform ",8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-11-28T18:15:00.000Z,0
CVE-2023-40062,https://securityvulnerability.io/vulnerability/CVE-2023-40062,Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability,"The SolarWinds Platform is affected by a remote code execution vulnerability caused by an incomplete list of disallowed inputs. This flaw enables low-privileged users to execute arbitrary commands with SYSTEM privileges, posing serious security risks to system integrity and confidentiality. Organizations utilizing this platform should promptly review their security measures and ensure that they apply latest patches to mitigate potential exploitation.",Solarwinds,Solarwinds Platform,8,HIGH,0.004699999932199717,false,,false,false,false,,,false,false,,2023-11-01T16:15:00.000Z,0
CVE-2023-40061,https://securityvulnerability.io/vulnerability/CVE-2023-40061,"Insecure Job Execution Mechanism Vulnerability ","The vulnerability involves an insecure job execution mechanism within SolarWinds products, which may allow attackers to exploit this weakness and potentially execute malicious actions. This flaw could enable further attacks, compromising the security of affected systems and affecting overall network integrity.",Solarwinds,Solarwinds Platform,8.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2023-11-01T16:15:00.000Z,0
CVE-2023-23845,https://securityvulnerability.io/vulnerability/CVE-2023-23845,SolarWinds Platform Exposed Dangerous Method Vulnerability,"The SolarWinds Platform is vulnerable to an Incorrect Comparison Vulnerability that permits authenticated users with administrative privileges in the SolarWinds Web Console to execute arbitrary commands. By exploiting this vulnerability, attackers can leverage the NETWORK SERVICE privileges, potentially leading to unauthorized access and manipulation of sensitive system operations. Organizations using affected versions of the SolarWinds Platform should take immediate measures to mitigate this risk by applying security patches and monitoring for unusual activities.",SolarWinds,SolarWinds Platform,7.2,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-09-13T23:15:00.000Z,0
CVE-2023-23840,https://securityvulnerability.io/vulnerability/CVE-2023-23840,SolarWinds Platform Exposed Dangerous Method Vulnerability,"The SolarWinds Platform is affected by an Incorrect Comparison Vulnerability that permits users with administrative access to the SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. This flaw could potentially lead to unauthorized access and manipulation of sensitive functions within the application, presenting a notable security risk for organizations utilizing this platform.",SolarWinds,SolarWinds Platform,7.2,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-09-13T23:15:00.000Z,0
CVE-2023-3622,https://securityvulnerability.io/vulnerability/CVE-2023-3622,"Access Control Bypass Vulnerability in the SolarWinds Platform ","
 Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource ",Solarwinds,"SolarWinds Platform ",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-07-26T15:15:00.000Z,0
CVE-2023-33229,https://securityvulnerability.io/vulnerability/CVE-2023-33229,SolarWinds Platform Incorrect Input Neutralization Vulnerability,"The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. ",Solarwinds,Solarwinds Platform,3.5,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-07-26T15:15:00.000Z,0
CVE-2023-23843,https://securityvulnerability.io/vulnerability/CVE-2023-23843,SolarWinds Platform Incorrect Comparison Vulnerability,"The SolarWinds Platform contains an Incorrect Comparison Vulnerability that impacts the security of its Web Console. Administrators with access can exploit this flaw to execute arbitrary commands, leading to potential unauthorized control over the platform and its functionalities. Organizations using the affected versions should assess their exposure and take appropriate measures to remediate this risk.",Solarwinds,Solarwinds Platform,7.2,HIGH,0.0013800000306218863,false,,false,false,false,,,false,false,,2023-07-26T14:15:00.000Z,0
CVE-2023-23844,https://securityvulnerability.io/vulnerability/CVE-2023-23844,SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability,"The SolarWinds Platform has a vulnerability that permits users with administrative access to the SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. This flaw stems from an incorrect comparison in the application, potentially allowing unauthorized access or actions that could compromise the integrity of the system. Administrators are advised to apply patches and updates immediately to mitigate the risks associated with this vulnerability.",Solarwinds,Solarwinds Platform,7.2,HIGH,0.0013800000306218863,false,,false,false,false,,,false,false,,2023-07-26T14:15:00.000Z,0
CVE-2023-33224,https://securityvulnerability.io/vulnerability/CVE-2023-33224,SolarWinds Platform Incorrect Behavior Order Vulnerability,"The SolarWinds Platform is affected by a vulnerability that allows users with administrative access to the SolarWinds Web Console to execute arbitrary commands. This exploitation leverages NETWORK SERVICE privileges, potentially enabling unauthorized users to manipulate system operations. The vulnerability poses significant security risks, emphasizing the need for prompt updates and ongoing vigilance in system monitoring.",Solarwinds,Solarwinds Platform,7.2,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2023-07-26T14:15:00.000Z,0
CVE-2023-33225,https://securityvulnerability.io/vulnerability/CVE-2023-33225,SolarWinds Platform Deserialization of Untrusted Data Vulnerability,"The SolarWinds Platform contains an Incorrect Comparison Vulnerability that may allow users with administrative access to the SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. This compromised access level poses significant risks, as it could enable the execution of malicious commands or unauthorized actions within the system. Users are urged to review their configurations and apply necessary patches to mitigate this vulnerability.",SolarWinds,SolarWinds Platform,7.2,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2023-07-26T14:15:00.000Z,0