This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This issue is fixed and released in SolarWinds Platform (2022.3.0). ![]() Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. ![]() SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |