Solarwinds Luki w zabezpieczeniach

Oś czasu

Rodzaj

Not Defined	126
File Transfer Software	51
Remote Access Software	11
Network Management Software	10
Virtualization Software	3

Produkt

SolarWinds Orion Platform	34
SolarWinds Serv-U	22
SolarWinds Platform	16
SolarWinds Serv-U FTP Server	14
SolarWinds Web Help Desk	12

Przeciwdziałanie

Official Fix	138
Temporary Fix	0
Workaround	0
Unavailable	1
Not Defined	65

Wykorzystywanie

High	7
Functional	0
Proof-of-Concept	13
Unproven	5
Not Defined	179

Wektor dostępu

Not Defined	0
Physical	1
Local	16
Adjacent	29
Network	158

Uwierzytelnianie

Not Defined	0
High	28
Low	83
None	93

Interakcja z użytkownikiem

Not Defined	0
Required	54
None	150

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	4
≤4	23
≤5	35
≤6	42
≤7	34
≤8	45
≤9	14
≤10	7

CVSSv3 Temp

≤1	0
≤2	0
≤3	4
≤4	25
≤5	43
≤6	38
≤7	43
≤8	31
≤9	13
≤10	7

VulDB

≤1	0
≤2	3
≤3	13
≤4	32
≤5	36
≤6	42
≤7	21
≤8	43
≤9	7
≤10	7

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	11
≤6	16
≤7	13
≤8	23
≤9	12
≤10	15

CNA

≤1	0
≤2	0
≤3	1
≤4	5
≤5	9
≤6	8
≤7	10
≤8	11
≤9	11
≤10	0

Sprzedawca

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploit 0-day

<1k	54
<2k	70
<5k	79
<10k	0
<25k	0
<50k	1
<100k	0
≥100k	0

Wykorzystaj dzisiaj

<1k	195
<2k	6
<5k	2
<10k	1
<25k	0
<50k	0
<100k	0
≥100k	0

Wykorzystaj wielkość rynku

🔴 CTI Zajęcia

Affected Products (57): ARM (1), Advanced Monitoring Agent (1), Application Monitor (2), Backup Profiler (1), DPA (3), DameWare Mini Remote Control (4), DameWare Remote Mini Control (3), DameWare Remote Support (1), Dameware (1), Dameware Mini Remote Client Agent (1), Dameware Remote Mini Controller (1), Database Performance (1), Database Performance Analyzer (3), Database Performance Monitor (1), ETS (1), Event Manager (3), Event Manager (3), FTP Voyager (1), Firewall Security Manager (1), Kiwi CatTools (1), Kiwi Syslog Server (5), LEM (2), Log (3), Log (3), MSP PME Cache Service (1), N-Able N-Central (1), N-Central (3), N-central (6), Network Configuration Manager (2), Network Performance Monitor (9), Orion (5), Orion Job Scheduler (1), Orion NPM (1), Orion Network Management (1), Orion Network Performance Monitor (5), Orion Platform (34), Orion Virtual Infrastructure Monitor (1), Patch Manager (3), Platform (16), Product (1), SEM (3), SFTP SCP Server (2), SQL Sentry (1), Serv-U (22), Serv-U Console (1), Serv-U FTP Server (14), Serv-U File Server (5), Serv-U MFT (1), Serv-U Managed File Transfer (2), Server (2), Storage Manager (4), Storage Profiler (1), Storage Resource Monitor (1), TFTP Server (6), Virtualization Manager (3), WebHelpDesk (2), Web Help Desk (12)

Link to Vendor Website: https://www.solarwinds.com/

Opublikowano	Base	Temp	Słaby punkt	Prod	Wyk	Prz	CTI	EPSS	CVE
2023-04-26	5.1	5.1	SolarWinds Orion Platform/Platform information disclosure	Nieznany	Not Defined	Official Fix	0.04	0.00049	CVE-2023-23839
2023-04-25	2.9	2.9	SolarWinds Database Performance Analyzer directory traversal	Nieznany	Not Defined	Official Fix	0.00	0.00050	CVE-2023-23838
2023-04-25	4.3	4.2	SolarWinds Database Performance Analyzer information disclosure	Nieznany	Not Defined	Official Fix	0.07	0.00087	CVE-2023-23837
2023-04-21	7.8	7.6	SolarWinds Platform privilege escalation	Nieznany	Not Defined	Official Fix	0.04	0.00051	CVE-2022-47505
2023-04-21	4.3	4.2	SolarWinds Platform URL Parameter cross site scripting	Nieznany	Not Defined	Official Fix	0.04	0.00046	CVE-2022-47509
2023-04-21	8.8	8.6	SolarWinds Platform privilege escalation	Nieznany	Not Defined	Official Fix	0.03	0.00086	CVE-2022-36963
2023-02-15	7.6	7.5	SolarWinds Platform Configuration directory traversal	Nieznany	Not Defined	Official Fix	0.05	0.00201	CVE-2022-47506
2023-02-15	6.4	6.3	SolarWinds Platform NTLM Traffic weak authentication	Nieznany	Not Defined	Official Fix	0.05	0.00087	CVE-2022-47508
2023-02-15	7.7	7.6	SolarWinds Platform Web Console privilege escalation	Nieznany	Not Defined	Official Fix	0.04	0.00075	CVE-2023-23836
2023-02-15	7.7	7.6	SolarWinds Platform Web Console privilege escalation	Nieznany	Not Defined	Official Fix	0.04	0.00075	CVE-2022-47507
2023-02-15	8.0	7.8	SolarWinds Platform Web Console privilege escalation	Nieznany	Not Defined	Official Fix	0.05	0.00051	CVE-2022-47504
2023-02-15	8.3	8.1	SolarWinds Platform privilege escalation	Nieznany	Not Defined	Official Fix	0.04	0.00075	CVE-2022-47503
2023-02-15	7.2	7.0	SolarWinds Platform Web Console privilege escalation	Nieznany	Not Defined	Official Fix	0.03	0.00075	CVE-2022-38111
2023-01-21	4.7	4.7	SolarWinds DPA URL cross site scripting	Nieznany	Not Defined	Official Fix	0.09	0.00045	CVE-2022-38110
2023-01-21	4.0	4.0	SolarWinds DPA weak encryption	Nieznany	Not Defined	Official Fix	0.02	0.00087	CVE-2022-38112
2022-12-19	4.6	4.6	SolarWinds Platform weak encryption	Nieznany	Not Defined	Official Fix	0.03	0.00043	CVE-2022-47512
2022-12-16	5.1	5.1	SolarWinds Serv-U Directory Creation cross site scripting	File Transfer Software	Not Defined	Official Fix	0.00	0.00052	CVE-2022-38106
2022-12-16	5.8	5.8	SolarWinds Serv-U FTP Server weak encryption	File Transfer Software	Not Defined	Official Fix	0.03	0.00056	CVE-2021-35252
2022-11-24	8.8	8.6	SolarWinds Network Performance Monitor WebUserSettingsCrudHandler privilege escalation	Network Management Software	Not Defined	Official Fix	0.00	0.00136	CVE-2022-36960
2022-11-24	7.2	7.0	SolarWinds Network Performance Monitor GetPdf privilege escalation	Network Management Software	Not Defined	Official Fix	0.09	0.00089	CVE-2022-36962
2022-11-24	8.8	8.4	SolarWinds Network Performance Monitor DeserializeFromStrippedXml privilege escalation	Network Management Software	Not Defined	Official Fix	0.03	0.00075	CVE-2022-36964
2022-11-23	4.7	4.6	SolarWinds SEM HTTP Request cross site scripting	Nieznany	Not Defined	Official Fix	0.00	0.00046	CVE-2022-38114
2022-11-23	3.8	3.8	SolarWinds SEM HTTP Method information disclosure	Nieznany	Not Defined	Official Fix	0.00	0.00046	CVE-2022-38115
2022-11-23	3.8	3.8	SolarWinds SEM Server Response information disclosure	Nieznany	Not Defined	Official Fix	0.00	0.00046	CVE-2022-38113
2022-11-23	4.5	4.4	SolarWinds ETS Network Traffic weak encryption	Nieznany	Not Defined	Official Fix	0.03	0.00053	CVE-2021-35246

Solarwinds Luki w zabezpieczeniach

Oś czasu

Rodzaj

Produkt

Przeciwdziałanie

Wykorzystywanie

Wektor dostępu

Uwierzytelnianie

Interakcja z użytkownikiem

C3BM Index

CVSSv3 Base

CVSSv3 Temp

VulDB

NVD

CNA

Sprzedawca

Research

Exploit 0-day

Wykorzystaj dzisiaj

Wykorzystaj wielkość rynku

🔴 CTI Zajęcia

🔒 Login Required

Are you interested in using VulDB?