Solarwinds Network Configuration Manager vulnerabilities
8 known vulnerabilities affecting solarwinds/network_configuration_manager.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2023-33227P2HIGHCVSS 8.8fixed in 2023.4v2023.4 and previous versions2023-11-01
CVE-2023-33227 [HIGH] CWE-22 CVE-2023-33227: The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vul
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges.
nvd
CVE-2023-33226P2HIGHCVSS 8.8fixed in 2023.4v2023.4 and previous versions2023-11-01
CVE-2023-33226 [HIGH] CWE-22 CVE-2023-33226: The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vul
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.
nvd
CVE-2023-40054P2HIGHCVSS 8.8≤ 2023.42023-11-09
CVE-2023-40054 [HIGH] CVE-2023-40054: The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vul
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226
nvd
CVE-2023-40055P2HIGHCVSS 8.8≤ 2023.42023-11-09
CVE-2023-40055 [HIGH] CVE-2023-40055: The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vul
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227
nvd
CVE-2023-23842P3HIGHCVSS 7.2fixed in 2023.32023-07-26
CVE-2023-23842 [HIGH] CWE-22 CVE-2023-23842: The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerabilit
The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.
nvd
CVE-2014-3459P3MEDIUMCVSS 6.8≤ 7.2.2v7.2.0+1 more2014-08-07
CVE-2014-3459 [MEDIUM] CWE-119 CVE-2014-3459: Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remot
Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.
nvd
CVE-2021-35226P3MEDIUMCVSS 6.5≤ 2020.2.5≥ 2020.2.5 and previous version, < 2020.2.52022-10-10
CVE-2021-35226 [MEDIUM] CWE-326 CVE-2021-35226: An entity in Network Configuration Manager product is misconfigured and exposing password field to S
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.
nvd
CVE-2023-33228P4MEDIUMCVSS 4.9fixed in 2023.4v2023.3.1 and previous versions 2023-11-01
CVE-2023-33228 [MEDIUM] CWE-311 CVE-2023-33228: The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Informatio
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.
nvd