Vulnerabilities > Solarwinds > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-25 CVE-2023-23838 Path Traversal vulnerability in Solarwinds Database Performance Analyzer
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
network
low complexity
solarwinds CWE-22
6.5
6.5
2023-04-21 CVE-2022-47509 Cross-site Scripting vulnerability in Solarwinds Orion Platform
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability.
network
low complexity
solarwinds CWE-79
6.1
6.1
2023-01-20 CVE-2022-38110 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
network
low complexity
solarwinds CWE-79
5.4
5.4
2022-12-19 CVE-2022-47512 Cleartext Storage of Sensitive Information vulnerability in Solarwinds Platform 2022.4.0
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4.
local
low complexity
solarwinds CWE-312
5.5
5.5
2022-12-16 CVE-2022-38106 Cross-site Scripting vulnerability in Solarwinds Serv-U 15.3.0/15.3.1
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1.
network
low complexity
solarwinds CWE-79
5.4
5.4
2022-11-23 CVE-2021-35246 Cleartext Transmission of Sensitive Information vulnerability in Solarwinds Engineer'S Toolset 2020.2.6
The application fails to prevent users from connecting to it over unencrypted connections.
network
low complexity
solarwinds CWE-319
5.3
5.3
2022-11-23 CVE-2022-38113 Information Exposure vulnerability in Solarwinds Security Event Manager 2022.4
This vulnerability discloses build and services versions in the server response header.
network
low complexity
solarwinds CWE-200
5.3
5.3
2022-11-23 CVE-2022-38114 HTTP Request Smuggling vulnerability in Solarwinds Security Event Manager
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests.
network
low complexity
solarwinds CWE-444
6.1
6.1
2022-11-23 CVE-2022-38115 Interpretation Conflict vulnerability in Solarwinds Security Event Manager
Insecure method vulnerability in which allowed HTTP methods are disclosed.
network
low complexity
solarwinds CWE-436
5.3
5.3
2022-10-20 CVE-2022-36966 Authorization Bypass Through User-Controlled Key vulnerability in Solarwinds Orion Platform
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
network
low complexity
solarwinds CWE-639
5.4
5.4