HIGH🇬🇧 English

CVE-2024-0692

CVSS 8.8v3.1pub. 2024-03-01upd. 2025-02-26

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Solarwinds Security Event Manager

    APP
    Solarwinds
    < 2023.4.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDeserialization
CWE
Referencje

Powiązane podatności

CVE-2022-38113MEDIUM5.3ten sam produkt

This vulnerability discloses build and services versions in the server response header.

CVE-2022-38114MEDIUM6.1ten sam produkt

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. Th...

CVE-2022-38115MEDIUM5.3ten sam produkt

Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and P...

CVE-2025-40551CRITICAL9.8⚠ KEVPL ✓ten sam vendor

RCE przez deserializację w SolarWinds Web Help Desk — bez uwierzytelnienia

CVE-2025-26399CRITICAL9.8⚠ KEVPL ✓ten sam vendor

RCE przez deserializację AjaxProxy w SolarWinds Web Help Desk (nieuwierzytelniony)