Vulnerabilities > Solarwinds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-18 | CVE-2024-29003 | Unspecified vulnerability in Solarwinds Platform The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. | 5.4 |
| 2024-04-18 | CVE-2024-28076 | Unspecified vulnerability in Solarwinds Platform The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. | 4.7 |
| 2023-11-01 | CVE-2023-33228 | Unspecified vulnerability in Solarwinds Network Configuration Manager The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. | 4.9 |
| 2023-07-18 | CVE-2023-33231 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer XSS attack was possible in DPA 2023.2 due to insufficient input validation | 6.1 |
| 2023-04-25 | CVE-2023-23839 | Unspecified vulnerability in Solarwinds Platform The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. | 6.5 |
| 2023-04-25 | CVE-2023-23838 | Path Traversal vulnerability in Solarwinds Database Performance Analyzer Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | 6.5 |
| 2023-04-21 | CVE-2022-47509 | Cross-site Scripting vulnerability in Solarwinds Orion Platform The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. | 6.1 |
| 2023-01-20 | CVE-2022-38110 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | 5.4 |
| 2022-12-19 | CVE-2022-47512 | Cleartext Storage of Sensitive Information vulnerability in Solarwinds Platform 2022.4.0 Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. | 5.5 |
| 2022-12-16 | CVE-2022-38106 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.3.0/15.3.1 This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. | 5.4 |