This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Solarwinds First view 2014-08-07
Product Network Configuration Manager Last view 2023-11-09
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:solarwinds:network_configuration_manager:7.2.0:*:*:*:*:*:*:* 7
cpe:2.3:a:solarwinds:network_configuration_manager:7.2.1:*:*:*:*:*:*:* 7
cpe:2.3:a:solarwinds:network_configuration_manager:*:*:*:*:*:*:*:* 7

Related : CVE

  Date Alert Description
8.8 2023-11-09 CVE-2023-40055

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227

8.8 2023-11-09 CVE-2023-40054

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226

4.9 2023-11-01 CVE-2023-33228

The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.

8.8 2023-11-01 CVE-2023-33227

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges.

8.8 2023-11-01 CVE-2023-33226

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.

6.5 2022-10-10 CVE-2021-35226

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

6.8 2014-08-07 CVE-2014-3459

Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-326 Inadequate Encryption Strength
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Nessus® Vulnerability Scanner

id Description
2014-05-12 Name: The remote web server hosts a web application affected by multiple vulnerabil...
File: solarwinds_orion_npm_10_7.nasl - Type: ACT_GATHER_INFO