The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
oryginał ENCVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSolarwinds Security Event Manager
APPSolarwinds< 2023.4.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDeserialization
CWE
Powiązane podatności
CVE-2022-38113MEDIUM5.3ten sam produkt
This vulnerability discloses build and services versions in the server response header.
CVE-2022-38114MEDIUM6.1ten sam produkt
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. Th...
CVE-2022-38115MEDIUM5.3ten sam produkt
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and P...
CVE-2025-40551CRITICAL9.8⚠ KEVPL ✓ten sam vendor
RCE przez deserializację w SolarWinds Web Help Desk — bez uwierzytelnienia
CVE-2025-26399CRITICAL9.8⚠ KEVPL ✓ten sam vendor
RCE przez deserializację AjaxProxy w SolarWinds Web Help Desk (nieuwierzytelniony)