Solarwinds Platform
Monthly
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.
SolarWinds Platform is affected by server-side request forgery vulnerability. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. Rated low severity (CVSS 3.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Insecure job execution mechanism vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.
SolarWinds Platform is affected by server-side request forgery vulnerability. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. Rated low severity (CVSS 3.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Insecure job execution mechanism vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.