Solarwinds Latest Vulnerabilities

October 17

SolarWinds Kiwi CatTools Vulnerability: Sensitive Data at Risk

CVE-2024-45713

SolarwindsKiwi Cattools5.1MEDIUM

October 16

SolarWinds Serv-U Directory Traversal Vulnerability

CVE-2024-45711

SolarWindsServ-u8.8HIGH

Uncontrolled Search Path Element Local Privilege Escalation Vulnerability Affects SolarWinds Platform

CVE-2024-45710

SolarWindsSolarwinds Platform7.8HIGH

SolarWinds Platform Vulnerable to Cross-Site Scripting Attack

CVE-2024-45715

SolarWindsSolarwinds Platform6.1MEDIUM

September 12

Remote Code Execution Vulnerability Affects SolarWinds ARM

CVE-2024-28991

SolarwindsAccess Rights Manager😄👾8.8HIGH

SolarWinds ARM Has a Hard-Coded Credential Bypass Vulnerability

CVE-2024-28990

SolarwindsAccess Rights Manager9.8CRITICAL

August 21

Unauthenticated Access to Internal Functionality and Data via Hardcoded Credentials

CVE-2024-28987

SolarwindsWeb Help Desk😄👾9.1CRITICAL

August 13

SolarWinds Web Help Desk Vulnerable to Remote Code Execution

CVE-2024-28986

SolarwindsWeb Help Desk👾9.8CRITICAL

July 17

Authentication Bypass Vulnerability Affects SolarWinds Access Rights Manager

CVE-2024-23471

SolarwindsAccess Rights Manager9.8CRITICAL

Unauthorized Remote Code Execution Vulnerability Affects Access Rights Manager

CVE-2024-23470

SolarwindsAccess Rights Manager9.8CRITICAL

SolarWinds Access Rights Manager Vulnerability Remains Unfixed Despite Prior Attempts to Address

CVE-2024-28074

SolarwindsAccess Rights Manager9.8CRITICAL

SolarWinds Access Rights Manager vulnerable to Directory Traversal and Information Disclosure Attack

CVE-2024-23467

SolarwindsAccess Rights Manager9.8CRITICAL

Unauthenticated Directory Traversal Vulnerability Affects SolarWinds ARM

CVE-2024-23466

SolarwindsAccess Rights Manager9.8CRITICAL

Unauthenticated Domain Admin Access Vulnerability Discovered in SolarWinds Access Rights Manager

CVE-2024-23465

SolarwindsAccess Rights Manager9.8CRITICAL

SolarWinds ARM Vulnerable to Remote Code Execution

CVE-2024-23469

SolarwindsAccess Rights Manager9.8CRITICAL

Unauthenticated Arbitrary File Deletion and Information Disclosure Vulnerability Affects SolarWinds Access Rights Manager

CVE-2024-23475

SolarwindsAccess Rights Manager9.8CRITICAL

ARM Vulnerable to Directory Traversal

CVE-2024-23472

SolarwindsAccess Rights Manager8.8HIGH

SolarWinds Access Rights Manager Vulnerability Allows Unauthorized File Deletion and Information Disclosure

CVE-2024-28993

SolarwindsAccess Rights Manager9.4CRITICAL

UnAuthenticated File Deletion and Information Disclosure Vulnerability in SolarWinds Access Rights Manager

CVE-2024-28992

SolarwindsAccess Rights Manager9.4CRITICAL

SolarWinds Access Rights Manager Vulnerable to Directory Traversal and Information Disclosure

CVE-2024-23468

SolarwindsAccess Rights Manager9.4CRITICAL

SolarWinds Access Rights Manager Vulnerable to File Deletion and Information Disclosure

CVE-2024-23474

SolarwindsAccess Rights Manager9.8CRITICAL

June 6

SolarWinds Serv-U Vulnerable to Directory Transversal Attack

CVE-2024-28995

SolarwindsSolarwinds Serv-u😄👾7.5HIGH

June 4

SolarWinds Platform Vulnerable to Stored Cross-Site Scripting

CVE-2024-29004

SolarwindsSolarwinds Platform4.8MEDIUM

SolarWinds Platform Affected by Race Condition Vulnerability

CVE-2024-28999

SolarwindsSolarwinds Platform👾8.1HIGH

SolarWinds Platform Affected by SWQL Injection Vulnerability

CVE-2024-28996

SolarwindsSolarwinds Platform8.1HIGH

May 20

SolarWinds Platform Vulnerable to Reflected Cross-Site Scripting

CVE-2024-29000

SolarwindsSolarwinds Platform7.9HIGH

May 14

SolarWinds Access Rights Manager Vulnerable to Remote Code Execution

CVE-2024-28075

SolarwindsAccess Rights Manager9CRITICAL

SolarWinds Access Rights Manager Vulnerability Allows Bypass of Credential Authentication

CVE-2024-23473

SolarwindsAccess Rights Manager8.6HIGH

May 3

Arbitrary File Overwrite Vulnerability in Log Output

CVE-2024-28072

SolarwindsServ-u5.7MEDIUM

April 18

SolarWinds Platform Vulnerable to XSS Attack

CVE-2024-29003

SolarwindsSolarwinds Platform7.5HIGH

SolarWinds Platform SWQL Injection Vulnerability

CVE-2024-29001

SolarwindsSolarwinds Platform7.5HIGH

April 17

SolarWinds Serv-U Vulnerable to Directory Traversal Remote Code Execution

CVE-2024-28073

SolarwindsServu8.4HIGH

March 1

SolarWinds Security Event Manager Vulnerable to Remote Code Execution

CVE-2024-0692

SolarwindsSecurity Event Manager 😄8.8HIGH

February 15

SolarWinds Access Rights Manager Vulnerable to Remote Code Execution

CVE-2023-40057

SolarwindsAccess Rights Manager9CRITICAL

SolarWinds ARM Vulnerable to Directory Traversal Remote Code Execution

CVE-2024-23477

SolarwindsAccess Rights Manager7.9HIGH

SolarWinds ARM Vulnerable to Directory Traversal Remote Code Execution

CVE-2024-23476

SolarwindsAccess Rights Manager9.6CRITICAL

SolarWinds ARM Vulnerable to Remote Code Execution

CVE-2024-23478

SolarwindsAccess Rights Manager8HIGH

SolarWinds ARM Vulnerable to Directory Traversal Remote Code Execution

CVE-2024-23479

SolarwindsAccess Rights Manager9.6CRITICAL

February 6

SolarWinds Platform SQL Injection Remote Code Execution Vulnerability

CVE-2023-35188

SolarwindsSolarWinds Platform 8.8HIGH

SolarWinds Platform SQL Injection Remote Code Execution Vulnerability

CVE-2023-50395

SolarwindsSolarWinds Platform 8.8HIGH

December 21

Sensitive Information Disclosure Vulnerability

CVE-2023-40058

SolarwindsAccess Rights Manager6.5MEDIUM

December 6

HTML injection Vulnerability in Serv-U 15.4

CVE-2023-40053

SolarWindsServ-U4.6MEDIUM

November 28

SolarWinds Platform SQL Injection Remote Code Execution Vulnerability

CVE-2023-40056

SolarwindsSolarWinds Platform 8.8HIGH

November 9

SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability

CVE-2023-40054

SolarwindsNetwork Configuration ...8HIGH

SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability

CVE-2023-40055

SolarwindsNetwork Configuration ...8HIGH

November 1

Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability

CVE-2023-40062

SolarwindsSolarwinds Platform8HIGH

Directory Traversal Remote Code Execution Vulnerability

CVE-2023-33226

SolarwindsNetwork Configuration ...8HIGH

Insecure Job Execution Mechanism Vulnerability

CVE-2023-40061

SolarwindsSolarwinds Platform8.8HIGH

SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability

CVE-2023-33228

SolarwindsNetwork Configuration ...4.5MEDIUM

Directory Traversal Remote Code Execution Vulnerability

CVE-2023-33227

SolarwindsNetwork Configuration ...8HIGH

October 19

SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2023-35180

SolarwindsAccess Rights Manager8HIGH

SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2023-35182

SolarwindsAccess Rights Manager8.8HIGH

SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

CVE-2023-35181

SolarwindsAccess Rights Manager7.8HIGH

SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

CVE-2023-35183

SolarwindsAccess Rights Manager7.8HIGH

SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2023-35186

SolarwindsAccess Rights Manager8HIGH

SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability

CVE-2023-35187

SolarwindsAccess Rights Manager8.8HIGH

SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2023-35184

SolarwindsAccess Rights Manager8.8HIGH

SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability

CVE-2023-35185

SolarwindsAccess Rights Manager6.8MEDIUM

September 13

SolarWinds Platform Exposed Dangerous Method Vulnerability

CVE-2023-23840

SolarWindsSolarWinds Platform7.2HIGH

SolarWinds Platform Exposed Dangerous Method Vulnerability

CVE-2023-23845

SolarWindsSolarWinds Platform7.2HIGH

September 7

2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1

CVE-2023-40060

SolarwindsServ-U7.2HIGH

August 11

2FA/MFA Bypass Vulnerability in Serv-U 15.4

CVE-2023-35179

SolarwindsServ-u7.2HIGH

July 26

Access Control Bypass Vulnerability in the SolarWinds Platform

CVE-2023-3622

SolarwindsSolarWinds Platform 4.3MEDIUM

SolarWinds Network Configuration Manager Directory Traversal Vulnerability

CVE-2023-23842

SolarwindsNetwork Configuration ...7.2HIGH

SolarWinds Platform Incorrect Input Neutralization Vulnerability

CVE-2023-33229

SolarwindsSolarwinds Platform3.5LOW

SolarWinds Platform Incorrect Behavior Order Vulnerability

CVE-2023-33224

SolarwindsSolarwinds Platform7.2HIGH

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2023-33225

SolarWindsSolarWinds Platform7.2HIGH

SolarWinds Platform Incorrect Comparison Vulnerability

CVE-2023-23843

SolarwindsSolarwinds Platform7.2HIGH

SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability

CVE-2023-23844

SolarwindsSolarwinds Platform7.2HIGH

July 18

XSS in SolarWinds Database Performance Analyzer 2023.2

CVE-2023-33231

SolarwindsDpa6.1MEDIUM

June 15

SolarWinds Serv-U Exposure of Sensitive Information Vulnerability

CVE-2023-23841

SolarWindsServU7.5HIGH

April 25

SolarWinds Platform Exposure of Sensitive Information Vulnerability

CVE-2023-23839

SolarWindsSolarWinds Platform6.5MEDIUM

Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1

CVE-2023-23838

SolarWindsDatabase Performance A...6.5MEDIUM

No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1

CVE-2023-23837

SolarWindsDatabase Performance A...7.5HIGH

April 21

SolarWinds Platform Incorrect Input Neutralization Vulnerability

CVE-2022-47509

SolarwindsSolarwinds Platform6.1MEDIUM

SolarWinds Platform Local Privilege Escalation Vulnerability

CVE-2022-47505

SolarwindsSolarwinds Platform7.8HIGH

February 15

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2022-47504

SolarwindsSolarwinds Platform7.2HIGH

Disable NTLM: SAM 2022.4

CVE-2022-47508

SolarwindsServer & Application M...7.5HIGH

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2022-38111

SolarwindsSolarwinds Platform7.2HIGH

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2023-23836

SolarWindsSolarWinds Platform7.2HIGH

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2022-47503

SolarwindsSolarwinds Platform7.2HIGH

SolarWinds Platform Directory Traversal Vulnerability

CVE-2022-47506

SolarWindsSolarWinds Platform7.8HIGH

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2022-47507

SolarWindsSolarWinds Platform7.2HIGH

January 20

CVE-2022-47012

SolarwindsDynamips7.5HIGH

Reflected Cross-Site Scripting Vulnerability

CVE-2022-38110

SolarwindsDatabase Performance A...5.4MEDIUM

Sensitive Information Disclosure Vulnerability

CVE-2022-38112

SolarwindsDatabase Performance A...7.5HIGH

December 19

Sensitive Data Disclosure Vulnerability

CVE-2022-47512

SolarwindsHybrid Cloud Observabi...5.5MEDIUM

December 16

Common Key Vulnerability in Serv-U FTP Server

CVE-2021-35252

SolarwindsServ-u Ftp Server7.5HIGH

Cross-Site Scripting Vulnerability in Serv-U Web Client

CVE-2022-38106

SolarwindsServ-u File Server5.4MEDIUM

November 29

SolarWinds Platform Command Injection

CVE-2022-36962

SolarwindsSolarwinds Platform7.2HIGH

SolarWinds Platform Deserialization of Untrusted Data

CVE-2022-36964

SolarwindsSolarwinds Platform8.8HIGH

SolarWinds Platform Improper Input Validation

CVE-2022-36960

SolarwindsSolarwinds Platform8.8HIGH

November 23

Unprotected Transport of Credentials (HSTS) Vulnerability

CVE-2021-35246

SolarwindsEngineer's Toolset5.3MEDIUM

Information Disclosure Vulnerability

CVE-2022-38113

SolarwindsSolarwinds Sem5.3MEDIUM

Insecure Methods Vulnerability

CVE-2022-38115

SolarwindsSolarwinds Sem5.3MEDIUM

Client-Side Desync Vulnerability

CVE-2022-38114

SolarwindsSolarwinds Sem6.1MEDIUM

October 20

SolarWinds Platform Deserialization of Untrusted Data

CVE-2022-36957

SolarwindsSolarwinds Platform7.2HIGH

Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6

CVE-2022-36966

SolarwindsSolarwinds Platform5.4MEDIUM

SolarWinds Platform Deserialization of Untrusted Data

CVE-2022-38108

SolarwindsSolarwinds Platform7.2HIGH

October 19

Sensitive Data Disclosure Vulnerability

CVE-2022-38107

SolarwindsSql Sentry5.3MEDIUM