SolarWinds Security Vulnerabilities
ADVISORY | CVE ID | SEVERITY | RELEASE DATE | LAST UPDATE | FIXED VERSION |
---|---|---|---|---|---|
SolarWinds Web Help Desk Local File Read Vulnerability | CVE-2024-45709 | 5.3 Medium | 12/10/2024 | | Web Help Desk 12.8.4 |
SolarWinds Platform Cross-Site Scripting Vulnerability | CVE-2024-45717 | 7.0 High | 12/04/2024 | | SolarWinds Platform 2024.4.1 |
SolarWinds Platform Edit Function Cross-Site Scripting Vulnerability | CVE-2024-45715 | 7.1 High | 10/17/2024 | | SolarWinds Platform 2024.4 |
SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | CVE-2024-45710 | 7.8 High | 10/17/2024 | | SolarWinds Platform 2024.4 |
Stored XSS Vulnerability | CVE-2024-45714 | 5.7 Medium | 10/16/2024 | | Serv-U 15.5 |
Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability | CVE-2024-45711 | 7.5 High | 10/16/2024 | 10/16/2024 | Serv-U 15.5 |
SolarWinds Kiwi CatTools Sensitive Information Disclosure Vulnerability | CVE-2024-45713 | 5.1 Medium | 10/16/2024 | | Kiwi CatTools 3.12.4 |
SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability | CVE-2024-28988 | 9.8 Critical | 10/15/2024 | | SolarWinds Web Help Desk 12.8.3 HF 3 |
SolarWinds Access Rights Manager (ARM) Hardcoded Credentials Authentication Bypass Vulnerability | CVE-2024-28990 | 6.3 Medium | 09/12/2024 | | Access Rights Manager (ARM) 2024.3.1 SR |
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2024-28991 | 9.0 Critical | 09/12/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3.1 |
Web Help Desk Hardcoded Credential Vulnerability | CVE-2024-28987 | 9.1 Critical | 08/22/2024 | | 12.8.3 HF2 |
SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability | CVE-2024-28986 | 9.8 Critical | 08/09/2024 | | SolarWinds Web Help Desk 12.8.3 HF 1 |
SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability | CVE-2024-28993 | 7.6 High | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability | CVE-2024-23468 | 7.6 High | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability | CVE-2024-23475 | 9.6 Critical | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | CVE-2024-23466 | 9.6 Critical | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability | CVE-2024-28992 | 7.6 High | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability | CVE-2024-23472 | 9.6 Critical | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability | CVE-2024-28074 | 9.6 Critical | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability | CVE-2024-23469 | 9.6 Critical | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Access Rights Manager (ARM) ChangeHumster Exposed Dangerous Method Authentication Bypass Vulnerability | CVE-2024-23465 | 8.3 High | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Access Rights Manager Traversal Remote Code Execution Vulnerability | CVE-2024-23467 | 9.6 Critical | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability | CVE-2024-23470 | 9.6 Critical | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Access Rights Manager (ARM) deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability | CVE-2024-23474 | 7.6 High | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability | CVE-2024-23471 | 9.6 Critical | 07/17/2024 | | SolarWinds Access Rights Manager (ARM) 2024.3 |
SolarWinds Serv-U Local File Disclosure Directory Transversal Vulnerability | CVE-2024-28995 | 8.6 High | 06/05/2024 | 06/21/2024 | SolarWinds Serv-U 15.4.2 HF 2 |
SolarWinds Platform Race Condition Vulnerability (CVE-2024-28999) | CVE-2024-28999 | 6.4 High | 06/04/2024 | 06/04/2024 | SolarWinds Platform 2024.2 |
SolarWinds Platform SWQL Injection Vulnerability | CVE-2024-28996 | 7.5 High | 06/04/2024 | 06/04/2024 | SolarWinds Platform 2024.2 |
SolarWinds Platform Stored XSS Vulnerability | CVE-2024-29004 | 7.1 High | 06/04/2024 | 06/04/2024 | SolarWinds Platform 2024.2 |
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2024-28075 | 9.0 Critical | 05/09/2024 | 05/09/2024 | SolarWinds ARM 2023.2.4 |
SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability | CVE-2024-23473 | 8.6 High | 05/09/2024 | | SolarWinds Access Rights Manager (ARM) |
Arbitrary File Overwrite Vulnerability | CVE-2024-28072 | 5.7 Medium | 05/03/2024 | | Serv-U 15.4.2 Hotfix 1 |
SolarWinds Platform Reflected XSS Vulnerability | CVE-2024-29000 | 7.9 High | 04/18/2024 | 05/20/2024 | SolarWinds Platform 2024.1 SR 1 |
SolarWinds Platform Arbitrary Open Redirection Vulnerability | CVE-2024-28076 | 7.0 High | 04/18/2024 | 04/18/2024 | SolarWinds Platform 2024.1 SR 1 |
SolarWinds Platform Cross Site Scripting Vulnerability | CVE-2024-29003 | 7.5 High | 04/18/2024 | 04/18/2024 | SolarWinds Platform 2024.1 SR 1 |
SolarWinds Platform SWQL Injection Vulnerability | CVE-2024-29001 | 7.5 High | 04/18/2024 | 04/18/2024 | SolarWinds Platform 2024.1 SR 1 |
SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability | CVE-2024-28073 | 8.4 High | 04/17/2024 | 04/17/2024 | SolarWinds Serv-U 15.4.2 |
Dameware Remote Everywhere Fake Login Site Created to Steal User Credentials. | CVE-DRE-Advisory | 5.0 Medium | 04/10/2024 | | |
SolarWinds SEM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2024-0692 | 8.8 High | 03/01/2024 | 03/01/2024 | SolarWinds SEM 2023.4.1 SR |
SolarWinds Access Rights Manager (ARM) Traversal Remote Code Execution Vulnerability | CVE-2024-23479 | 9.6 Critical | 02/06/2024 | 02/06/2024 | SolarWinds Access Rights Manager (ARM) 2023.2.3 |
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2024-23478 | 8.0 High | 02/06/2024 | 02/06/2024 | SolarWinds Access Rights Manager (ARM) 2023.2.3 |
SolarWinds Access Rights Manager (ARM) Traversal Remote Code Execution Vulnerability | CVE-2024-23477 | 7.9 High | 02/06/2024 | 02/06/2024 | SolarWinds Access Rights Manager (ARM) 2023.2.3 |
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability | CVE-2024-23476 | 9.6 Critical | 02/06/2024 | 02/06/2024 | SolarWinds Access Rights Manager (ARM) 2023.2.3 |
SQL Injection Remote Code Execution Vulnerability | CVE-2023-50395 | 8.0 High | 02/06/2024 | 02/06/2024 | SolarWinds Platform 2024.1 |
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-40057 | 9.0 Critical | 02/06/2024 | 02/06/2024 | SolarWinds Access Rights Manager (ARM) 2023.2.3 |
SQL Injection Remote Code Execution Vulnerability | CVE-2023-35188 | 8.0 High | 02/06/2024 | 02/06/2024 | SolarWinds Platform 2024.1 |
Sensitive Data Disclosure Vulnerability | CVE-2023-40058 | 7.6 High | 12/20/2023 | 12/20/2023 | Access Rights Manager (ARM) 2023.2.2 |
SSH Terrapin Prefix Truncation Weakness | CVE-2023-48795 | 5.9 Medium | 12/18/2023 | 01/29/2024 | |
HTML Injection Vulnerability on Serv-U 15.4 | CVE-2023-40053 | 4.6 Medium | 12/05/2023 | 12/05/2023 | Serv-U 15.4.1 |
SQL Injection Remote Code Execution Vulnerability | CVE-2023-40056 | 8.0 High | 11/28/2023 | | SolarWinds Platform 2023.4.2 |
Sensitive Information Disclosure Vulnerability | CVE-2023-33228 | 4.5 Medium | 11/01/2023 | | Network Configuration Manager 2023.4 |
Insecure Job Execution Mechanism Vulnerability | CVE-2023-40061 | 7.1 High | 11/01/2023 | | SolarWinds Platform 2023.4 |
Directory Traversal Remote Code Execution Vulnerability | CVE-2023-33226 | 8.0 High | 11/01/2023 | | Network Configuration Manager 2023.4 |
Directory Traversal Remote Code Execution Vulnerability | CVE-2023-33227 | 8.0 High | 11/01/2023 | 11/01/2023 | Network Configuration Manager 2023.4 |
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability | CVE-2023-40062 | 8.0 High | 11/01/2023 | | SolarWinds Platform 2023.4 |
Directory Traversal Remote Code Execution Vulnerability | CVE-2023-40055 | 8.0 High | 11/01/2023 | | Network Configuration Manager 2023.4.1 |
Directory Traversal Remote Code Execution Vulnerability | CVE-2023-40054 | 8.0 High | 11/01/2023 | | Network Configuration Manager 2023.4.1 |
Apache ActiveMQ Vulnerability | CVE-2023-46604 | 10.0 Critical | 10/27/2023 | 10/28/2023 | |
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35184 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | CVE-2023-35183 | 7.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | CVE-2023-35187 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35186 | 8.0 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability | CVE-2023-35185 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35182 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | CVE-2023-35181 | 7.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35180 | 8.0 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
Recommendations for SolarWinds products | CVE-2023-44487 | 7.5 High | 10/10/2023 | 10/20/2023 | |
MFA/2FA Bypass Vulnerability in Serv-U 15.4: Serv-U 15.4 and 15.4 HF1 | CVE-2023-40060 | 6.6 Medium | 08/30/2023 | 08/30/2023 | Serv-U 15.4 HF2 |
MFA/2FA Bypass Vulnerability in Serv-U 15.4 | CVE-2023-35179 | 6.6 Medium | 08/04/2023 | 08/04/2023 | Serv-U 15.4 HF1 |
SolarWinds Platform Access Control Bypass Vulnerability | CVE-2023-3622 | 4.6 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
SolarWinds Platform Incorrect Behavior Order Vulnerability | CVE-2023-33224 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability | CVE-2023-23844 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
SolarWinds Platform Exposed Dangerous Method Vulnerability | CVE-2023-23840 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3.1 |
Cross-Site Scripting Vulnerability | CVE-2023-33231 | 5.4 Medium | 07/18/2023 | 07/18/2023 | Database Performance Analyzer(DPA) 2023.2.100 |
SolarWinds Platform Incorrect Input Neutralization Vulnerability | CVE-2023-33229 | 3.1 Low | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2023-33225 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
SolarWinds Platform Exposed Dangerous Method Vulnerability | CVE-2023-23845 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3.1 |
SolarWinds Platform Incorrect Comparison Vulnerability | CVE-2023-23843 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
SolarWinds Network Configuration Manager Directory Traversal Vulnerability | CVE-2023-23842 | 6.8 Medium | 07/18/2023 | 07/18/2023 | Network Configuration Manager 2023.3 |
SolarWinds Serv-U Exposure of Sensitive Information Vulnerability | CVE-2023-23841 | 4.8 Medium | 05/17/2023 | 05/17/2023 | Serv-U 15.4 |
SolarWinds Platform Exposure of Sensitive Information Vulnerability | CVE-2023-23839 | 6.8 Medium | 04/20/2023 | 04/20/2023 | SolarWinds Platform 2023.2 |
SolarWinds Platform Local Privilege Escalation Vulnerability | CVE-2022-47505 | 7.8 High | 04/18/2023 | 04/18/2023 | SolarWinds Platform 2023.2 |
SolarWinds Platform Incorrect Input Neutralization Vulnerability | CVE-2022-47509 | 4.3 Medium | 04/18/2023 | 04/18/2023 | SolarWinds Platform 2023.2 |
SolarWinds Platform Command Injection Vulnerability | CVE-2022-36963 | 8.8 High | 04/18/2023 | 04/18/2023 | SolarWinds Platform 2023.2 |
No Exception Handling Vulnerability | CVE-2023-23837 | 4.3 Medium | 04/18/2023 | 04/18/2023 | Database Performance Analyzer (DPA) 2023.2 |
Directory traversal and file enumeration vulnerability | CVE-2023-23838 | 4.0 Medium | 04/18/2023 | 04/18/2023 | Database Performance Analyzer (DPA) 2023.2 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-38111 | 7.2 Medium | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
SolarWinds Platform Directory Traversal | CVE-2022-47506 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2023-23836 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-47507 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-47504 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-47503 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
Disable NTLM: SAM 2022.4 | CVE-2022-47508 | 7.5 High | 02/15/2023 | 02/15/2023 | Hybrid Cloud Observability 2023.1 |
Sensitive Information Disclosure Vulnerability | CVE-2022-38112 | 6.3 Medium | 01/18/2023 | | Database Performance Analyzer 2023.1 |
Reflected Cross-Site Scripting Vulnerability | CVE-2022-38110 | 6.3 Medium | 01/18/2023 | | Database Performance Analyzer 2023.1 |
Sensitive Data Disclosure Vulnerability | CVE-2022-47512 | 6.0 Medium | 12/16/2022 | | SolarWinds Observability Self-Hosted / SolarWinds Platform 2022.4.1 |
Cross-Site Scripting Vulnerability in Serv-U Web Client | CVE-2022-38106 | 7.5 High | 12/15/2022 | | Serv-U 15.3.2 |
Common Key Vulnerability in Serv-U FTP Server | CVE-2021-35252 | 6.5 Medium | 12/15/2022 | | Serv-U 15.3.2 |
Unprotected Transport of Credentials (HSTS) Vulnerability | CVE-2021-35246 | 5.3 Medium | 11/22/2022 | | Engineer’s Toolset 2022.4 Desktop |
SolarWinds Platform Improper Input Validation | CVE-2022-36960 | 8.8 High | 11/22/2022 | | SolarWinds Platform 2022.4 |
SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-36964 | 8.8 High | 11/22/2022 | | SolarWinds Platform 2022.4 |
SolarWinds Platform Command Injection | CVE-2022-36962 | 7.2 High | 11/22/2022 | | SolarWinds Platform 2022.4 |
Insecure Methods Vulnerability | CVE-2022-38115 | 3.1 Low | 11/22/2022 | 11/22/2022 | SEM 2022.4 |
Information Disclosure Vulnerability | CVE-2022-38113 | 3.1 Low | 11/22/2022 | 11/22/2022 | SEM 2022.4 |
Client-Side Desync Vulnerability | CVE-2022-38114 | 3.7 Low | 11/22/2022 | 11/22/2022 | SEM 2022.4 |
OpenSSL buffer overflows in punycode decoding functions | CVE-2022-3602 CVE-2022-3786 | 7.5 High 7.5 High | 11/01/2022 | 11/10/2022 | OpenSSL 3.0.7 |
Apache Commons Text4Shell Vulnerability | CVE-2022-42889 | 9.8 Critical | 10/26/2022 | 10/27/2022 | |
SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-38108 | 7.2 High | 10/19/2022 | | SolarWinds Platform 2022.4 RC1 |
SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-36958 | 8.8 High | 10/19/2022 | | SolarWinds Platform 2022.4 RC1 |
SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-36957 | 7.2 High | 10/19/2022 | | SolarWinds Platform 2022.4 RC1 |
Insecure Direct Object Reference Vulnerability: SolarWinds Platform 2022.3 | CVE-2022-36966 | 5.9 Medium | 10/19/2022 | | SolarWinds Platform 2022.4 RC1 |
Sensitive Data Disclosure Vulnerability | CVE-2022-38107 | 4.3 Medium | 10/18/2022 | 10/18/2022 | SQL Sentry 2022.4 |
Stored and DOM XSS in QoE Applications: Orion Platform | CVE-2022-36965 | 7.1 High | 09/28/2022 | | SolarWinds Platform 2022.3 |
SQL Injection in Orion Platform | CVE-2022-36961 | 8.0 High | 09/28/2022 | | SolarWinds Platform 2022.3 |
Hashed Credential Exposure Vulnerability | CVE-2021-35226 | 2.7 Low | 09/28/2022 | | Hybrid Cloud Observability 2022.3 |
Domain Admin Broken Access Control | CVE-2021-35249 | 4.3 Medium | 05/17/2022 | | Serv-U 15.3.1 |
Cross-Site Scripting Vulnerability using SQL Query | CVE-2021-35229 | 6.8 High | 04/19/2022 | | DPA 2022.2 |
0-day Vulnerabilities in Spring | CVE-2022-22963 CVE-2022-22965 | N/A | 03/31/2022 | 04/11/2022 | 00.000 |
Authenticated Remote Code Execution in Web Help Desk 12.7.8 | CVE-2021-35254 | 8.2 High | 03/24/2022 | 03/24/2022 | Web Help Desk 12.7.8 HF1 |
Directory Transversal Vulnerability in Serv-U 15.3 | CVE-2021-35250 | 7.5 High | 03/02/2022 | 03/02/2022 | Serv-U 15.3 HF 1 |
Sensitive Data Disclosure Vulnerability | CVE-2021-35251 | 5.3 Medium | 02/15/2022 | 02/15/2022 | WHD 12.7.8 |
Improper Input Validation Vulnerability in Serv-U | CVE-2021-35247 | 4.3 Medium | 01/18/2022 | 01/18/2022 | Serv-U 15.3 |
HTTP PUT & DELETE Methods Enabled | CVE-2021-35243 | 5.3 Medium | 12/24/2021 | | Web Help Desk 12.7.7 HF1 |
Unrestricted File Upload Causing Remote Code Execution: Orion 2020.2.6 | CVE-2021-35244 | 6.8 High | 12/20/2021 | | Orion 2020.2.6 HF3 |
Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users | CVE-2021-35248 | 6.8 Medium | 12/20/2021 | | Orion 2020.2.6 HF3 |
Exposed Dangerous Functions - Privileged Escalation | CVE-2021-35234 | 8.0 High | 12/20/2021 | | Orion Platform 2020.2.6 HF3 |
JMSAppender Associated with Log4j Vulnerability | CVE-2021-4104 | 8.1 High | 12/17/2021 | 12/17/2021 | |
JNDI Lookup Functionality Associated with Log4j Vulnerability | CVE-2021-45046 | 9.0 Critical | 12/14/2021 | 12/23/2021 | |
Apache Log4j Critical Vulnerability | CVE-2021-44228 | 10.0 Critical | 12/12/2021 | 01/14/2022 | |
A valid CSRF token is present in response to an invalid request | CVE-2021-35242 | 8.3 High | 12/03/2021 | 12/03/2021 | Serv-U 15.2.5 |
Broken Access Control Vulnerability for Serv-U | CVE-2021-35245 | 8.4 High | 12/02/2021 | 12/02/2021 | Serv-U 15.2.5 |
Unquoted Path Vulnerability (SMB Login) with Kiwi CatTools | CVE-2021-35230 | 6.7 Medium | 10/19/2021 | | Kiwi CatTools 3.12 |
Unquoted Path Vulnerability - SMB Login | CVE-2021-35231 | 6.7 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
Reflected Cross Site Scripting affecting SolarWinds: DPA 2021.3.7388 | CVE-2021-35228 | 5.5 Medium | 10/19/2021 | | DPA 2021.3.7438 |
NPM Netpath Horizontal Privilege Escalation Vulnerability | CVE-2021-35225 | 5.0 Medium | 10/19/2021 | | NPM 2020.2.6 HF2 |
Missing Secure Flag from SSL Cookie Vulnerability | CVE-2021-35236 | 3.1 Low | 10/19/2021 | | Kiwi Syslog Server 9.8 |
Insecure Web Header Vulnerability - RabbitMQLogin | CVE-2021-35227 | 4.7 Medium | 10/19/2021 | | ARM 2021.4 |
HTTP TRACK and TRACK Methods Enabled Vulnerability | CVE-2021-35233 | 5.3 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
Clickjacking Vulnerability | CVE-2021-35237 | 5.0 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
ASP.NET Debug Feature Enabled Vulnerability | CVE-2021-35235 | 5.3 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
Pingdom Session Management Vulnerability | CVE-2021-35214 | 4.8 Medium | 09/13/2021 | | Pingdom |
Critical bug in SolarWinds Web Help Desk allows an attacker to execute Arbitrary Hibernate Queries | CVE-2021-35232 | 6.8 Medium | 09/13/2021 | | Web Help Desk 12.7.7 Hotfix 1 |
Insecure Deserialization Of Untrusted Data Causing Remote Code Execution Vulnerability | CVE-2021-35217 | 8.9 High | 08/20/2021 | | Patch Manager 2020.2.6 HF1 |
Execute Command Function Allows RCE Vulnerability | CVE-2021-35223 | 8.5 High | 08/20/2021 | | Serv-U 15.2.4 |
Access Restriction Bypass Via Referrer Spoof - Business Logic Bypass Vulnerability | CVE-2021-32076 | 5.8 Medium | 08/20/2021 | | Web Help Desk 12.7.6 |
Stored XSS Via Maps Text Box Hyperlink Vulnerability | CVE-2021-35239 | 7.5 High | 07/20/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
Stored XSS Via Help Server Setting Vulnerability | CVE-2021-35240 | 6.5 High | 07/20/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
Stored XSS Through URL POST Parameter In CreateExternalWebsite Vulnerability | CVE-2021-35238 | 7.1 High | 07/20/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
Resource.aspx Reflected Cross-Site Scripting Vulnerability | CVE-2021-35222 | 8.0 High | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
Privilege Escalation Vulnerability | CVE-2021-31217 | 6.5 Medium | 07/15/2021 | | Dameware 12.2 |
Orion User setting Improper Access Control Privilege Escalation Vulnerability | CVE-2021-35213 | 8.9 High | 07/15/2021 | | Orion Platform 2020.2.6 |
Insecure Deserialization Of Untrusted Data Causing Remote Code Execution Vulnerability | CVE-2021-35216 | 8.9 High | 07/15/2021 | | Patch Manager 2020.2.6 |
ImportAlert Improper Access Control Tampering Vulnerability | CVE-2021-35221 | 6.3 Medium | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF 1 |
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability | CVE-2021-35219 | 6.0 Medium | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
EmailWebPage Command Injection Remote Code Execution Vulnerability | CVE-2021-35220 | 8.1 High | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
Chart Endpoint Deserialization of Untrusted Data RCE Vulnerability | CVE-2021-35218 | 8.9 High | 07/15/2021 | | Patch Manager 2020.2.6 |
Blind SQL Injection Vulnerability | CVE-2021-35212 | 8.9 High | 07/15/2021 | | Orion Platform 2020.2.5 HF1, 2020.2.6, 2019.4.2, 2019.2 HF4 |
ActionPluginBaseView Deserialization of Untrusted Data RCE Vulnerability | CVE-2021-35215 | 8.9 High | 07/15/2021 | | Orion Platform 2020.2.6 |
Serv-U Remote Memory Escape Vulnerability | CVE-2021-35211 | 9.0 Critical | 07/09/2021 | 07/15/2021 | Serv-U 15.2.3 HF2 |
Broken Access Control On Node Management Vulnerability | CVE-2021-28674 | 4.6 Medium | 05/13/2021 | | Orion Platform 2020.2.6, 2020.2.5 HF1 |
SenderEmail Parameter XSS Vulnerability | CVE-2021-32604 | 6.9 Medium | 05/05/2021 | | Serv-U 15.2.3 |
SolarWinds Orion Job Scheduler Remote Code Execution Vulnerability | CVE-2021-31475 | 8.8 High | 03/25/2021 | | Orion Platform 2020.2.5 |
SaveUserSetting Improper Access Control Privilege Escalation Vulnerability | CVE-2021-27258 | 8.9 High | 03/25/2021 | | Orion Platform 2020.2.4 |
Reverse Tabnabbing and Open Redirect Vulnerability | CVE-2021-3109 | 4.3 Medium | 03/25/2021 | | Orion Platform 2020.2.5 |
RCE via Actions and JSON Deserialization Vulnerability | CVE-2021-31474 | 9.1 Critical | 03/25/2021 | | Orion Platform 2020.2.5 |
Deserialization of Untrusted Data Privilege Escalation Vulnerability | CVE-2021-27277 | 8.8 High | 03/25/2021 | 04/14/2021 | SAM 2020.2.5 |
Unprivileged Users can get DBO owner Access Vulnerability | CVE-2021-25275 | 8.2 High | 02/05/2021 | | Web Help Desk 12.7.7 HF1 |
MSMQ Remote Code Execution Vulnerability | CVE-2021-25274 | 8.3 High | 02/05/2021 | | Orion Platform 2020.2.4, 2019.4.2, 2019.2 HF4 |
Windows "Users" Directory Weak ACLs Vulnerability | CVE-2021-25276 | 8.8 High | 01/18/2021 | 02/04/2021 | Serv-U 15.2.2 HF 1 |
Deserialization of Untrusted Data Privilege Escalation Vulnerability | CVE-2021-27240 | 8.7 High | 12/15/2020 | | Patch Manager 2020.2.1 HF 1 |
Heap Memory Corruption With RSA Private Key Operation | CVE-2022-2274 | 9.8 Critical |