SolarWinds Security Vulnerabilities


You can subscribe to this RSS feed to be notified when we update this page (note: you will need to cut and paste the "Subscribe to this RSS feed" URL into an RSS feed reader, e.g., Outlook's RSS Subscriptions, to monitor updates).

| Advisory | CVE ID | Severity | Release Date | Last Update | Fixed Version |
|---|---|---|---|---|---|
| Arbitrary File Overwrite Vulnerability | CVE-2024-28072 | 5.7 Medium | 05/03/2024 | | Serv-U 15.4.2 Hotfix 1 |
| SolarWinds Platform Arbitrary Open Redirection Vulnerability | CVE-2024-28076 | 7.0 High | 04/18/2024 | 04/18/2024 | SolarWinds Platform 2024.1 SR 1 |
| SolarWinds Platform Cross Site Scripting Vulnerability | CVE-2024-29003 | 7.5 High | 04/18/2024 | 04/18/2024 | SolarWinds Platform 2024.1 SR 1 |
| SolarWinds Platform SWQL Injection Vulnerability | CVE-2024-29001 | 7.5 High | 04/18/2024 | 04/18/2024 | SolarWinds Platform 2024.1 SR 1 |
| SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability | CVE-2024-28073 | 8.4 High | 04/17/2024 | 04/17/2024 | SolarWinds Serv-U 15.4.2 |
| Dameware Remote Everywhere Fake Login Site Created to Steal User Credentials | CVE-DRE-Advisory | 5.0 Medium | 04/10/2024 | | |
| SolarWinds SEM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2024-0692 | 8.8 High | 03/01/2024 | 03/01/2024 | SolarWinds SEM 2023.4.1 SR |
| SolarWinds Access Rights Manager (ARM) Traversal Remote Code Execution Vulnerability | CVE-2024-23479 | 9.6 Critical | 02/06/2024 | 02/06/2024 | SolarWinds Access Rights Manager (ARM) 2023.2.3 |
| SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2024-23478 | 8.0 High | 02/06/2024 | 02/06/2024 | SolarWinds Access Rights Manager (ARM) 2023.2.3 |
| SolarWinds Access Rights Manager (ARM) Traversal Remote Code Execution Vulnerability | CVE-2024-23477 | 7.9 High | 02/06/2024 | 02/06/2024 | SolarWinds Access Rights Manager (ARM) 2023.2.3 |
| SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability | CVE-2024-23476 | 9.6 Critical | 02/06/2024 | 02/06/2024 | SolarWinds Access Rights Manager (ARM) 2023.2.3 |
| SQL Injection Remote Code Execution Vulnerability | CVE-2023-50395 | 8.0 High | 02/06/2024 | 02/06/2024 | SolarWinds Platform 2024.1 |
| SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-40057 | 9.0 Critical | 02/06/2024 | 02/06/2024 | SolarWinds Access Rights Manager (ARM) 2023.2.3 |
| SQL Injection Remote Code Execution Vulnerability | CVE-2023-35188 | 8.0 High | 02/06/2024 | 02/06/2024 | SolarWinds Platform 2024.1 |
| Sensitive Data Disclosure Vulnerability | CVE-2023-40058 | 7.6 High | 12/20/2023 | 12/20/2023 | Access Rights Manager (ARM) 2023.2.2 |
| SSH Terrapin Prefix Truncation Weakness | CVE-2023-48795 | 5.9 Medium | 12/18/2023 | 01/29/2024 | |
| HTML Injection Vulnerability on Serv-U 15.4 | CVE-2023-40053 | 4.6 Medium | 12/05/2023 | 12/05/2023 | Serv-U 15.4.1 |
| SQL Injection Remote Code Execution Vulnerability | CVE-2023-40056 | 8.0 High | 11/28/2023 | | SolarWinds Platform 2023.4.2 |
| Sensitive Information Disclosure Vulnerability | CVE-2023-33228 | 4.5 Medium | 11/01/2023 | | Network Configuration Manager 2023.4 |
| Insecure Job Execution Mechanism Vulnerability | CVE-2023-40061 | 7.1 High | 11/01/2023 | | SolarWinds Platform 2023.4 |
| Directory Traversal Remote Code Execution Vulnerability | CVE-2023-33226 | 8.0 High | 11/01/2023 | | Network Configuration Manager 2023.4 |
| Directory Traversal Remote Code Execution Vulnerability | CVE-2023-33227 | 8.0 High | 11/01/2023 | 11/01/2023 | Network Configuration Manager 2023.4 |
| SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability | CVE-2023-40062 | 8.0 High | 11/01/2023 | | SolarWinds Platform 2023.4 |
| Directory Traversal Remote Code Execution Vulnerability | CVE-2023-40055 | 8.0 High | 11/01/2023 | | Network Configuration Manager 2023.4.1 |
| Directory Traversal Remote Code Execution Vulnerability | CVE-2023-40054 | 8.0 High | 11/01/2023 | | Network Configuration Manager 2023.4.1 |
| Apache ActiveMQ Vulnerability | CVE-2023-46604 | 10.0 Critical | 10/27/2023 | 10/28/2023 | |
| SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35184 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
| SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | CVE-2023-35183 | 7.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
| SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | CVE-2023-35187 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
| SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35186 | 8.0 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
| SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability | CVE-2023-35185 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
| SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35182 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
| SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | CVE-2023-35181 | 7.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
| SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35180 | 8.0 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
| Recommendations for SolarWinds products | CVE-2023-44487 | 7.5 High | 10/10/2023 | 10/20/2023 | |
| MFA/2FA Bypass Vulnerability in Serv-U 15.4: Serv-U 15.4 and 15.4 HF1 | CVE-2023-40060 | 6.6 Medium | 08/30/2023 | 08/30/2023 | Serv-U 15.4 HF2 |
| MFA/2FA Bypass Vulnerability in Serv-U 15.4 | CVE-2023-35179 | 6.6 Medium | 08/04/2023 | 08/04/2023 | Serv-U 15.4 HF1 |
| SolarWinds Platform Incorrect Behavior Order Vulnerability | CVE-2023-33224 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
| SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability | CVE-2023-23844 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
| SolarWinds Platform Exposed Dangerous Method Vulnerability | CVE-2023-23840 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3.1 |
| Cross-Site Scripting Vulnerability | CVE-2023-33231 | 5.4 Medium | 07/18/2023 | 07/18/2023 | Database Performance Analyzer (DPA) 2023.2.100 |
| SolarWinds Platform Incorrect Input Neutralization Vulnerability | CVE-2023-33229 | 3.1 Low | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
| SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2023-33225 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
| SolarWinds Platform Exposed Dangerous Method Vulnerability | CVE-2023-23845 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3.1 |
| SolarWinds Platform Incorrect Comparison Vulnerability | CVE-2023-23843 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
| SolarWinds Network Configuration Manager Directory Traversal Vulnerability | CVE-2023-23842 | 6.8 Medium | 07/18/2023 | 07/18/2023 | Network Configuration Manager 2023.3 |
| SolarWinds Platform Access Control Bypass Vulnerability | CVE-2023-3622 | 4.6 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
| SolarWinds Serv-U Exposure of Sensitive Information Vulnerability | CVE-2023-23841 | 4.8 Medium | 05/17/2023 | 05/17/2023 | Serv-U 15.4 |
| SolarWinds Platform Exposure of Sensitive Information Vulnerability | CVE-2023-23839 | 6.8 Medium | 04/20/2023 | 04/20/2023 | SolarWinds Platform 2023.2 |
| SolarWinds Platform Local Privilege Escalation Vulnerability | CVE-2022-47505 | 7.8 High | 04/18/2023 | 04/18/2023 | SolarWinds Platform 2023.2 |
| SolarWinds Platform Incorrect Input Neutralization Vulnerability | CVE-2022-47509 | 4.3 Medium | 04/18/2023 | 04/18/2023 | SolarWinds Platform 2023.2 |
| SolarWinds Platform Command Injection Vulnerability | CVE-2022-36963 | 8.8 High | 04/18/2023 | 04/18/2023 | SolarWinds Platform 2023.2 |
| No Exception Handling Vulnerability | CVE-2023-23837 | 4.3 Medium | 04/18/2023 | 04/18/2023 | Database Performance Analyzer (DPA) 2023.2 |
| Directory traversal and file enumeration vulnerability | CVE-2023-23838 | 4.0 Medium | 04/18/2023 | 04/18/2023 | Database Performance Analyzer (DPA) 2023.2 |
| SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-38111 | 7.2 Medium | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
| SolarWinds Platform Directory Traversal | CVE-2022-47506 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
| SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2023-23836 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
| SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-47507 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
| SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-47504 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
| SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-47503 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
| Disable NTLM: SAM 2022.4 | CVE-2022-47508 | 7.5 High | 02/15/2023 | 02/15/2023 | Hybrid Cloud Observability 2023.1 |
| Sensitive Information Disclosure Vulnerability | CVE-2022-38112 | 6.3 Medium | 01/18/2023 | | Database Performance Analyzer 2023.1 |
| Reflected Cross-Site Scripting Vulnerability | CVE-2022-38110 | 6.3 Medium | 01/18/2023 | | Database Performance Analyzer 2023.1 |
| Sensitive Data Disclosure Vulnerability | CVE-2022-47512 | 6.0 Medium | 12/16/2022 | | Hybrid Cloud Observability / SolarWinds Platform 2022.4.1 |
| Cross-Site Scripting Vulnerability in Serv-U Web Client | CVE-2022-38106 | 7.5 High | 12/15/2022 | | Serv-U 15.3.2 |
| Common Key Vulnerability in Serv-U FTP Server | CVE-2021-35252 | 6.5 Medium | 12/15/2022 | | Serv-U 15.3.2 |
| Unprotected Transport of Credentials (HSTS) Vulnerability | CVE-2021-35246 | 5.3 Medium | 11/22/2022 | | Engineer's Toolset 2022.4 Desktop |
| SolarWinds Platform Improper Input Validation | CVE-2022-36960 | 8.8 High | 11/22/2022 | | SolarWinds Platform 2022.4 |
| SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-36964 | 8.8 High | 11/22/2022 | | SolarWinds Platform 2022.4 |
| SolarWinds Platform Command Injection | CVE-2022-36962 | 7.2 High | 11/22/2022 | | SolarWinds Platform 2022.4 |
| Insecure Methods Vulnerability | CVE-2022-38115 | 3.1 Low | 11/22/2022 | 11/22/2022 | SEM 2022.4 |
| Information Disclosure Vulnerability | CVE-2022-38113 | 3.1 Low | 11/22/2022 | 11/22/2022 | SEM 2022.4 |
| Client-Side Desync Vulnerability | CVE-2022-38114 | 3.7 Low | 11/22/2022 | 11/22/2022 | SEM 2022.4 |
| OpenSSL buffer overflows in punycode decoding functions | CVE-2022-3602, CVE-2022-3786 | 7.5 High, 7.5 High | 11/01/2022 | 11/10/2022 | OpenSSL 3.0.7 |
| Apache Commons Text4Shell Vulnerability | CVE-2022-42889 | 9.8 Critical | 10/26/2022 | 10/27/2022 | |
| SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-38108 | 7.2 High | 10/19/2022 | | SolarWinds Platform 2022.4 RC1 |
| SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-36958 | 8.8 High | 10/19/2022 | | SolarWinds Platform 2022.4 RC1 |
| SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-36957 | 7.2 High | 10/19/2022 | | SolarWinds Platform 2022.4 RC1 |
| Insecure Direct Object Reference Vulnerability: SolarWinds Platform 2022.3 | CVE-2022-36966 | 5.9 Medium | 10/19/2022 | | SolarWinds Platform 2022.4 RC1 |
| Sensitive Data Disclosure Vulnerability | CVE-2022-38107 | 4.3 Medium | 10/18/2022 | 10/18/2022 | SQL Sentry 2022.4 |
| Stored and DOM XSS in QoE Applications: Orion Platform | CVE-2022-36965 | 7.1 High | 09/28/2022 | | SolarWinds Platform 2022.3 |
| SQL Injection in Orion Platform | CVE-2022-36961 | 8.0 High | 09/28/2022 | | SolarWinds Platform 2022.3 |
| Hashed Credential Exposure Vulnerability | CVE-2021-35226 | 2.7 Low | 09/28/2022 | | Hybrid Cloud Observability 2022.3 |
| Domain Admin Broken Access Control | CVE-2021-35249 | 4.3 Medium | 05/17/2022 | | Serv-U 15.3.1 |
| Cross-Site Scripting Vulnerability using SQL Query | CVE-2021-35229 | 6.8 High | 04/19/2022 | | DPA 2022.2 |
| 0-day Vulnerabilities in Spring | CVE-2022-22963, CVE-2022-22965 | N/A | 03/31/2022 | 04/11/2022 | |
| Authenticated Remote Code Execution in Web Help Desk 12.7.8 | CVE-2021-35254 | 8.2 High | 03/24/2022 | 03/24/2022 | Web Help Desk 12.7.8 HF1 |
| Directory Traversal Vulnerability in Serv-U 15.3 | CVE-2021-35250 | 7.5 High | 03/02/2022 | 03/02/2022 | Serv-U 15.3 HF 1 |
| Sensitive Data Disclosure Vulnerability | CVE-2021-35251 | 5.3 Medium | 02/15/2022 | 02/15/2022 | WHD 12.7.8 |
| Improper Input Validation Vulnerability in Serv-U | CVE-2021-35247 | 4.3 Medium | 01/18/2022 | 01/18/2022 | Serv-U 15.3 |
| HTTP PUT & DELETE Methods Enabled | CVE-2021-35243 | 5.3 Medium | 12/24/2021 | | Web Help Desk 12.7.7 HF1 |
| Unrestricted File Upload Causing Remote Code Execution: Orion 2020.2.6 | CVE-2021-35244 | 6.8 High | 12/20/2021 | | Orion 2020.2.6 HF3 |
| Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users | CVE-2021-35248 | 6.8 Medium | 12/20/2021 | | Orion 2020.2.6 HF3 |
| Exposed Dangerous Functions - Privileged Escalation | CVE-2021-35234 | 8.0 High | 12/20/2021 | | Orion Platform 2020.2.6 HF3 |
| JMSAppender Associated with Log4j Vulnerability | CVE-2021-4104 | 8.1 High | 12/17/2021 | 12/17/2021 | |
| JNDI Lookup Functionality Associated with Log4j Vulnerability | CVE-2021-45046 | 9.0 Critical | 12/14/2021 | 12/23/2021 | |
| Apache Log4j Critical Vulnerability | CVE-2021-44228 | 10.0 Critical | 12/12/2021 | 01/14/2022 | |
| A valid CSRF token is present in response to an invalid request | CVE-2021-35242 | 8.3 High | 12/03/2021 | 12/03/2021 | Serv-U 15.2.5 |
| Broken Access Control Vulnerability for Serv-U | CVE-2021-35245 | 8.4 High | 12/02/2021 | 12/02/2021 | Serv-U 15.2.5 |
| Unquoted Path Vulnerability (SMB Login) with Kiwi CatTools | CVE-2021-35230 | 6.7 Medium | 10/19/2021 | | Kiwi CatTools 3.12 |
| Unquoted Path Vulnerability - SMB Login | CVE-2021-35231 | 6.7 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
| Reflected Cross Site Scripting affecting SolarWinds: DPA 2021.3.7388 | CVE-2021-35228 | 5.5 Medium | 10/19/2021 | | DPA 2021.3.7438 |
| NPM Netpath Horizontal Privilege Escalation Vulnerability | CVE-2021-35225 | 5.0 Medium | 10/19/2021 | | NPM 2020.2.6 HF2 |
| Missing Secure Flag from SSL Cookie Vulnerability | CVE-2021-35236 | 3.1 Low | 10/19/2021 | | Kiwi Syslog Server 9.8 |
| Insecure Web Header Vulnerability - RabbitMQLogin | CVE-2021-35227 | 4.7 Medium | 10/19/2021 | | ARM 2021.4 |
| HTTP TRACK and TRACK Methods Enabled Vulnerability | CVE-2021-35233 | 5.3 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
| Clickjacking Vulnerability | CVE-2021-35237 | 5.0 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
| ASP.NET Debug Feature Enabled Vulnerability | CVE-2021-35235 | 5.3 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
| Pingdom Session Management Vulnerability | CVE-2021-35214 | 4.8 Medium | 09/13/2021 | | Pingdom |
| Critical bug in SolarWinds Web Help Desk allows an attacker to execute Arbitrary Hibernate Queries | CVE-2021-35232 | 6.8 Medium | 09/13/2021 | | Web Help Desk 12.7.7 Hotfix 1 |
| Insecure Deserialization Of Untrusted Data Causing Remote Code Execution Vulnerability | CVE-2021-35217 | 8.9 High | 08/20/2021 | | Patch Manager 2020.2.6 HF1 |
| Execute Command Function Allows RCE Vulnerability | CVE-2021-35223 | 8.5 High | 08/20/2021 | | Serv-U 15.2.4 |
| Access Restriction Bypass Via Referrer Spoof - Business Logic Bypass Vulnerability | CVE-2021-32076 | 5.8 Medium | 08/20/2021 | | Web Help Desk 12.7.6 |
| Stored XSS Via Maps Text Box Hyperlink Vulnerability | CVE-2021-35239 | 7.5 High | 07/20/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
| Stored XSS Via Help Server Setting Vulnerability | CVE-2021-35240 | 6.5 High | 07/20/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
| Stored XSS Through URL POST Parameter In CreateExternalWebsite Vulnerability | CVE-2021-35238 | 7.1 High | 07/20/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
| Resource.aspx Reflected Cross-Site Scripting Vulnerability | CVE-2021-35222 | 8.0 High | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
| Privilege Escalation Vulnerability | CVE-2021-31217 | 6.5 Medium | 07/15/2021 | | Dameware 12.2 |
| Orion User setting Improper Access Control Privilege Escalation Vulnerability | CVE-2021-35213 | 8.9 High | 07/15/2021 | | Orion Platform 2020.2.6 |
| Insecure Deserialization Of Untrusted Data Causing Remote Code Execution Vulnerability | CVE-2021-35216 | 8.9 High | 07/15/2021 | | Patch Manager 2020.2.6 |
| ImportAlert Improper Access Control Tampering Vulnerability | CVE-2021-35221 | 6.3 Medium | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF 1 |
| ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability | CVE-2021-35219 | 6.0 Medium | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
| EmailWebPage Command Injection Remote Code Execution Vulnerability | CVE-2021-35220 | 8.1 High | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
| Chart Endpoint Deserialization of Untrusted Data RCE Vulnerability | CVE-2021-35218 | 8.9 High | 07/15/2021 | | Patch Manager 2020.2.6 |
| Blind SQL Injection Vulnerability | CVE-2021-35212 | 8.9 High | 07/15/2021 | | Orion Platform 2020.2.5 HF1, 2020.2.6, 2019.4.2, 2019.2 HF4 |
| ActionPluginBaseView Deserialization of Untrusted Data RCE Vulnerability | CVE-2021-35215 | 8.9 High | 07/15/2021 | | Orion Platform 2020.2.6 |
| Serv-U Remote Memory Escape Vulnerability | CVE-2021-35211 | 9.0 Critical | 07/09/2021 | 07/15/2021 | Serv-U 15.2.3 HF2 |
| Broken Access Control On Node Management Vulnerability | CVE-2021-28674 | 4.6 Medium | 05/13/2021 | | Orion Platform 2020.2.6, 2020.2.5 HF1 |
| SenderEmail Parameter XSS Vulnerability | CVE-2021-32604 | 6.9 Medium | 05/05/2021 | | Serv-U 15.2.3 |
| SolarWinds Orion Job Scheduler Remote Code Execution Vulnerability | CVE-2021-31475 | 8.8 High | 03/25/2021 | | Orion Platform 2020.2.5 |
| SaveUserSetting Improper Access Control Privilege Escalation Vulnerability | CVE-2021-27258 | 8.9 High | 03/25/2021 | | Orion Platform 2020.2.4 |
| Reverse Tabnabbing and Open Redirect Vulnerability | CVE-2021-3109 | 4.3 Medium | 03/25/2021 | | Orion Platform 2020.2.5 |
| RCE via Actions and JSON Deserialization Vulnerability | CVE-2021-31474 | 9.1 Critical | 03/25/2021 | | Orion Platform 2020.2.5 |
| Deserialization of Untrusted Data Privilege Escalation Vulnerability | CVE-2021-27277 | 8.8 High | 03/25/2021 | 04/14/2021 | SAM 2020.2.5 |
| Unprivileged Users can get DBO owner Access Vulnerability | CVE-2021-25275 | 8.2 High | 02/05/2021 | | Web Help Desk 12.7.7 HF1 |
| MSMQ Remote Code Execution Vulnerability | CVE-2021-25274 | 8.3 High | 02/05/2021 | | Orion Platform 2020.2.4, 2019.4.2, 2019.2 HF4 |
| Windows "Users" Directory Weak ACLs Vulnerability | CVE-2021-25276 | 8.8 High | 01/18/2021 | 02/04/2021 | Serv-U 15.2.2 HF 1 |
| Deserialization of Untrusted Data Privilege Escalation Vulnerability | CVE-2021-27240 | 8.7 High | 12/15/2020 | | Patch Manager 2020.2.1 HF 1 |
| Heap Memory Corruption With RSA Private Key Operation | CVE-2022-2274 | 9.8 Critical | | | |