Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-45710 | Uncontrolled Search Path Element vulnerability in Solarwinds Platform SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. | 7.8 |
| 2024-10-16 | CVE-2024-45711 | Path Traversal vulnerability in Solarwinds Serv-U SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. | 8.8 |
| 2024-10-16 | CVE-2024-45714 | Cross-site Scripting vulnerability in Solarwinds Serv-U Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | 4.1 |
| 2024-10-16 | CVE-2024-45715 | Cross-site Scripting vulnerability in Solarwinds Platform The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. | 6.1 |
| 2024-09-12 | CVE-2024-28990 | Use of Hard-coded Credentials vulnerability in Solarwinds Access Rights Manager SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. | 9.8 |
| 2024-09-12 | CVE-2024-28991 | Unspecified vulnerability in Solarwinds Access Rights Manager SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. | 8.8 |
| 2024-08-21 | CVE-2024-28987 | Use of Hard-coded Credentials vulnerability in Solarwinds web Help Desk The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. | 9.1 |
| 2024-08-13 | CVE-2024-28986 | Deserialization of Untrusted Data vulnerability in Solarwinds web Help Desk SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. | 9.8 |
| 2024-07-17 | CVE-2024-23465 | Improper Authentication vulnerability in Solarwinds Access Rights Manager The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. | 9.8 |
| 2024-07-17 | CVE-2024-23466 | Path Traversal vulnerability in Solarwinds Access Rights Manager SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. | 9.8 |