Vulnerabilities > Solarwinds > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-04-18 CVE-2024-29003 Unspecified vulnerability in Solarwinds Platform
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface.
network
low complexity
solarwinds
5.4
2024-04-18 CVE-2024-28076 Unspecified vulnerability in Solarwinds Platform
The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability.
network
low complexity
solarwinds
4.7
2023-11-01 CVE-2023-33228 Unspecified vulnerability in Solarwinds Network Configuration Manager
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability.
network
low complexity
solarwinds
4.9
2023-07-18 CVE-2023-33231 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer
XSS attack was possible in DPA 2023.2 due to insufficient input validation
network
low complexity
solarwinds CWE-79
6.1
2023-04-25 CVE-2023-23839 Unspecified vulnerability in Solarwinds Platform
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability.
network
low complexity
solarwinds
6.5
2023-04-25 CVE-2023-23838 Path Traversal vulnerability in Solarwinds Database Performance Analyzer
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
network
low complexity
solarwinds CWE-22
6.5
2023-04-21 CVE-2022-47509 Cross-site Scripting vulnerability in Solarwinds Orion Platform
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability.
network
low complexity
solarwinds CWE-79
6.1
2023-01-20 CVE-2022-38110 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
network
low complexity
solarwinds CWE-79
5.4
2022-12-19 CVE-2022-47512 Cleartext Storage of Sensitive Information vulnerability in Solarwinds Platform 2022.4.0
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4.
local
low complexity
solarwinds CWE-312
5.5
2022-12-16 CVE-2022-38106 Cross-site Scripting vulnerability in Solarwinds Serv-U 15.3.0/15.3.1
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1.
network
low complexity
solarwinds CWE-79
5.4