cbcvebase.

Solarwinds Platform vulnerabilities

44 known vulnerabilities affecting solarwinds/solarwinds_platform.

Total CVEs
44
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH28MEDIUM12LOW3

Vulnerabilities

Page 1 of 3
CVE-2022-38108P2HIGHCVSS 7.2PoC≥ unspecified, ≤ 2022.3 and prior versions2022-10-20
CVE-2022-38108 [HIGH] CWE-502 CVE-2022-38108: SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability all SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
nvd
CVE-2022-36958P2HIGHCVSS 8.8≥ unspecified, ≤ 2022.3 and prior versions2022-10-20
CVE-2022-36958 [HIGH] CWE-502 CVE-2022-36958: SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability all SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
nvd
CVE-2022-38111P2HIGHCVSS 7.2≥ 2022.4.1 and prior versions, ≤ 2022.4.12023-02-15
CVE-2022-38111 [HIGH] CWE-502 CVE-2022-38111: SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability all SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
nvd
CVE-2023-23836P2HIGHCVSS 7.2≥ 2022.4.1 and prior versions, ≤ 2022.4.12023-02-15
CVE-2023-23836 [HIGH] CWE-502 CVE-2023-23836: SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.
nvd
CVE-2024-28999P3HIGHCVSS 7.5PoCfixed in 2024.2v2024.1.1 and previous versions 2024-06-04
CVE-2024-28999 [HIGH] CWE-362 CVE-2024-28999: The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting th The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.
nvd
CVE-2022-36964P2HIGHCVSS 8.8≥ 2022.3 and prior versions, ≤ 2022.32022-11-29
CVE-2022-36964 [HIGH] CWE-502 CVE-2022-36964: SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability all SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
nvd
CVE-2022-47504P3HIGHCVSS 7.2≥ 2022.4.1 and prior versions, ≤ 2022.4.12023-02-15
CVE-2022-47504 [HIGH] CWE-502 CVE-2022-47504: SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability all SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
nvd
CVE-2022-47503P3HIGHCVSS 7.2v2022.4.1 and prior versions 2022.4.12023-02-15
CVE-2022-47503 [HIGH] CWE-502 CVE-2022-47503: SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability all SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
nvd
CVE-2023-40062P2HIGHCVSS 8.8fixed in 2023.4v2023.3.1 and previous versions 2023-11-01
CVE-2023-40062 [HIGH] CWE-20 CVE-2023-40062: SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If exe SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.
nvd
CVE-2023-40056P2HIGHCVSS 8.8fixed in 2023.4.2v2023.4.1 and previous versions 2023-11-28
CVE-2023-40056 [HIGH] CWE-89 CVE-2023-40056: SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulne SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account.
nvd
CVE-2024-52606P3CRITICALCVSS 9.8fixed in 2025.12025-02-11
CVE-2024-52606 [CRITICAL] CWE-918 CVE-2024-52606: SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitatio SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.
nvd
CVE-2022-36957P3HIGHCVSS 7.2≥ unspecified, ≤ 2022.3 and prior versions2022-10-20
CVE-2022-36957 [HIGH] CWE-502 CVE-2022-36957: SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability all SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
nvd
CVE-2022-36962P3HIGHCVSS 7.2≥ 2022.3 and prior versions, ≤ 2022.32022-11-29
CVE-2022-36962 [HIGH] CWE-78 CVE-2022-36962: SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversa SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
nvd
CVE-2022-47507P3HIGHCVSS 7.2≥ 2022.4.1 and prior versions, ≤ 2022.4.12023-02-15
CVE-2022-47507 [HIGH] CWE-502 CVE-2022-47507: SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability all SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
nvd
CVE-2023-23840P3HIGHCVSS 7.2fixed in 2023.3.12023-09-13
CVE-2023-23840 [HIGH] CWE-697 CVE-2023-23840: The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerabilit The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
nvd
CVE-2023-23845P3HIGHCVSS 7.2fixed in 2023.3.12023-09-13
CVE-2023-23845 [HIGH] CWE-697 CVE-2023-23845: The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerabilit The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
nvd
CVE-2022-36960P3HIGHCVSS 8.8≥ 2022.3 and prior versions, < 2022.32022-11-29
CVE-2022-36960 [HIGH] CWE-20 CVE-2022-36960: SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
nvd
CVE-2023-33225P3HIGHCVSS 7.2fixed in 2023.3.0fixed in 2023.32023-07-26
CVE-2023-33225 [HIGH] CWE-697 CVE-2023-33225: The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerabilit The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
nvd
CVE-2023-23844P3HIGHCVSS 7.2fixed in 2023.3.0fixed in 2023.32023-07-26
CVE-2023-23844 [HIGH] CWE-184 CVE-2023-23844: The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerabilit The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
nvd
CVE-2023-33224P3HIGHCVSS 7.2fixed in 2023.3.0fixed in 2023.32023-07-26
CVE-2023-33224 [HIGH] CWE-696 CVE-2023-33224: The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerab The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
nvd
Solarwinds Platform vulnerabilities | cvebase