Solarwinds Solarwinds Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Solarwinds Solarwinds Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2023-40061 — CVSS 8.8 (high): Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result.
CVE-2023-50395 — CVSS 8.0 (high): SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability…
CVE-2023-40062 — CVSS 8.0 (high): SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a…
CVE-2023-40056 — CVSS 8.0 (high): SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged…
CVE-2023-35188 — CVSS 8.0 (high): SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability…
CVE-2024-29000 — CVSS 7.9 (high): The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A…
CVE-2024-45710 — CVSS 7.8 (high): SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low…
CVE-2024-29001 — CVSS 7.5 (high): A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and…
CVE-2024-28996 — CVSS 7.5 (high): The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.
CVE-2024-29003 — CVSS 7.5 (high): The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability…
CVE-2023-33224 — CVSS 7.2 (high): The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative…
CVE-2023-33225 — CVSS 7.2 (high): The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative…
CVE-2023-23843 — CVSS 7.2 (high): The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative…
CVE-2023-23844 — CVSS 7.2 (high): The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative…
CVE-2024-29004 — CVSS 7.1 (high): The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A…
CVE-2024-45715 — CVSS 7.1 (high): The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.
CVE-2024-45717 — CVSS 7.0 (high): The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface…
CVE-2024-28076 — CVSS 7.0 (high): The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different…
CVE-2024-52612 — CVSS 6.8 (medium): SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input…
CVE-2023-23839 — CVSS 6.5 (medium): The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access…
CVE-2024-28999 — CVSS 6.4 (medium): The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.
CVE-2022-36965 — CVSS 6.1 (medium): Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and…
CVE-2022-47512 — CVSS 5.5 (medium): Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability…
CVE-2023-3622 — CVSS 4.3 (medium): Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource
CVE-2023-33229 — CVSS 3.5 (low): The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary…
CVE-2024-52606 — CVSS 3.5 (low): SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the…
CVE-2024-52611 — CVSS 3.5 (low): The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide…