Vulnerabilities > Solarwinds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-45714 | Cross-site Scripting vulnerability in Solarwinds Serv-U Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | 4.1 |
| 2024-10-16 | CVE-2024-45715 | Cross-site Scripting vulnerability in Solarwinds Platform The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. | 6.1 |
| 2024-06-04 | CVE-2024-29004 | Cross-site Scripting vulnerability in Solarwinds Platform The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. | 4.8 |
| 2023-12-21 | CVE-2023-40058 | Unspecified vulnerability in Solarwinds Access Rights Manager Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. low complexity solarwinds | 6.5 |
| 2023-12-06 | CVE-2023-40053 | Unspecified vulnerability in Solarwinds Serv-U 15.4.0 A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | 5.0 |
| 2023-11-01 | CVE-2023-33228 | Missing Encryption of Sensitive Data vulnerability in Solarwinds Network Configuration Manager The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. | 4.9 |
| 2023-10-19 | CVE-2023-35185 | Path Traversal vulnerability in Solarwinds Access Rights Manager The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. | 6.8 |
| 2023-07-26 | CVE-2023-3622 | Improper Authentication vulnerability in Solarwinds Platform Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource | 4.3 |
| 2023-07-18 | CVE-2023-33231 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer XSS attack was possible in DPA 2023.2 due to insufficient input validation | 6.1 |
| 2023-04-25 | CVE-2023-23839 | Unspecified vulnerability in Solarwinds Platform The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. | 6.5 |