Solarwinds Latest Vulnerabilities

December 10

SolarWinds Web Help Desk vulnerability only affects limited installations

CVE-2024-45709
Solarwinds | Web Help Desk | 5.3 MEDIUM

December 4

SolarWinds Platform Vulnerable to XSS Attack

CVE-2024-45717
Solarwinds | Solarwinds Platform | 7 HIGH

October 17

SolarWinds Kiwi CatTools Vulnerability: Sensitive Data at Risk

CVE-2024-45713
Solarwinds | Kiwi Cattools | 5.1 MEDIUM

October 16

SolarWinds Platform Vulnerable to Cross-Site Scripting Attack

CVE-2024-45715
SolarWinds | Solarwinds Platform | 6.1 MEDIUM

Uncontrolled Search Path Element Local Privilege Escalation Vulnerability Affects SolarWinds Platform

CVE-2024-45710
SolarWinds | Solarwinds Platform | 7.8 HIGH

SolarWinds Serv-U Directory Traversal Vulnerability

CVE-2024-45711
SolarWinds | Serv-u | 8.8 HIGH

September 12

Remote Code Execution Vulnerability Affects SolarWinds ARM

CVE-2024-28991
Solarwinds | Access Rights Manager | 8.8 HIGH

SolarWinds ARM Has a Hard-Coded Credential Bypass Vulnerability

CVE-2024-28990
Solarwinds | Access Rights Manager | 9.8 CRITICAL

August 21

Unauthenticated Access to Internal Functionality and Data via Hardcoded Credentials

CVE-2024-28987
Solarwinds | Web Help Desk | 9.1 CRITICAL

August 13

SolarWinds Web Help Desk Vulnerable to Remote Code Execution

CVE-2024-28986
Solarwinds | Web Help Desk | 9.8 CRITICAL

July 17

Authentication Bypass Vulnerability Affects SolarWinds Access Rights Manager

CVE-2024-23471
Solarwinds | Access Rights Manager | 9.8 CRITICAL

Unauthorized Remote Code Execution Vulnerability Affects Access Rights Manager

CVE-2024-23470
Solarwinds | Access Rights Manager | 9.8 CRITICAL

SolarWinds Access Rights Manager Vulnerability Remains Unfixed Despite Prior Attempts to Address

CVE-2024-28074
Solarwinds | Access Rights Manager | 9.8 CRITICAL

SolarWinds Access Rights Manager vulnerable to Directory Traversal and Information Disclosure Attack

CVE-2024-23467
Solarwinds | Access Rights Manager | 9.8 CRITICAL

Unauthenticated Directory Traversal Vulnerability Affects SolarWinds ARM

CVE-2024-23466
Solarwinds | Access Rights Manager | 9.8 CRITICAL

Unauthenticated Domain Admin Access Vulnerability Discovered in SolarWinds Access Rights Manager

CVE-2024-23465
Solarwinds | Access Rights Manager | 9.8 CRITICAL

SolarWinds ARM Vulnerable to Remote Code Execution

CVE-2024-23469
Solarwinds | Access Rights Manager | 9.8 CRITICAL

Unauthenticated Arbitrary File Deletion and Information Disclosure Vulnerability Affects SolarWinds Access Rights Manager

CVE-2024-23475
Solarwinds | Access Rights Manager | 9.8 CRITICAL

ARM Vulnerable to Directory Traversal

CVE-2024-23472
Solarwinds | Access Rights Manager | 8.8 HIGH

SolarWinds Access Rights Manager Vulnerability Allows Unauthorized File Deletion and Information Disclosure

CVE-2024-28993
Solarwinds | Access Rights Manager | 9.4 CRITICAL

UnAuthenticated File Deletion and Information Disclosure Vulnerability in SolarWinds Access Rights Manager

CVE-2024-28992
Solarwinds | Access Rights Manager | 9.4 CRITICAL

SolarWinds Access Rights Manager Vulnerable to Directory Traversal and Information Disclosure

CVE-2024-23468
Solarwinds | Access Rights Manager | 9.4 CRITICAL

SolarWinds Access Rights Manager Vulnerable to File Deletion and Information Disclosure

CVE-2024-23474
Solarwinds | Access Rights Manager | 9.8 CRITICAL

June 6

SolarWinds Serv-U Vulnerable to Directory Transversal Attack

CVE-2024-28995
Solarwinds | Solarwinds Serv-u | 7.5 HIGH

June 4

SolarWinds Platform Vulnerable to Stored Cross-Site Scripting

CVE-2024-29004
Solarwinds | Solarwinds Platform | 4.8 MEDIUM

SolarWinds Platform Affected by Race Condition Vulnerability

CVE-2024-28999
Solarwinds | Solarwinds Platform | 8.1 HIGH

SolarWinds Platform Affected by SWQL Injection Vulnerability

CVE-2024-28996
Solarwinds | Solarwinds Platform | 8.1 HIGH

May 20

SolarWinds Platform Vulnerable to Reflected Cross-Site Scripting

CVE-2024-29000
Solarwinds | Solarwinds Platform | 7.9 HIGH

May 14

SolarWinds Access Rights Manager Vulnerable to Remote Code Execution

CVE-2024-28075
Solarwinds | Access Rights Manager | 9 CRITICAL

SolarWinds Access Rights Manager Vulnerability Allows Bypass of Credential Authentication

CVE-2024-23473
Solarwinds | Access Rights Manager | 8.6 HIGH

May 3

Arbitrary File Overwrite Vulnerability in Log Output

CVE-2024-28072
Solarwinds | Serv-u | 5.7 MEDIUM

April 18

SolarWinds Platform Vulnerable to XSS Attack

CVE-2024-29003
Solarwinds | Solarwinds Platform | 7.5 HIGH

SolarWinds Platform SWQL Injection Vulnerability

CVE-2024-29001
Solarwinds | Solarwinds Platform | 7.5 HIGH

April 17

SolarWinds Serv-U Vulnerable to Directory Traversal Remote Code Execution

CVE-2024-28073
Solarwinds | Servu | 8.4 HIGH

March 1

SolarWinds Security Event Manager Vulnerable to Remote Code Execution

CVE-2024-0692
Solarwinds | Security Event Manager | 8.8 HIGH

February 15

SolarWinds Access Rights Manager Vulnerable to Remote Code Execution

CVE-2023-40057
Solarwinds | Access Rights Manager | 9 CRITICAL

SolarWinds ARM Vulnerable to Directory Traversal Remote Code Execution

CVE-2024-23477
Solarwinds | Access Rights Manager | 7.9 HIGH

SolarWinds ARM Vulnerable to Directory Traversal Remote Code Execution

CVE-2024-23476
Solarwinds | Access Rights Manager | 9.6 CRITICAL

SolarWinds ARM Vulnerable to Remote Code Execution

CVE-2024-23478
Solarwinds | Access Rights Manager | 8 HIGH

SolarWinds ARM Vulnerable to Directory Traversal Remote Code Execution

CVE-2024-23479
Solarwinds | Access Rights Manager | 9.6 CRITICAL

February 6

SolarWinds Platform SQL Injection Remote Code Execution Vulnerability

CVE-2023-35188
Solarwinds | SolarWinds Platform | 8.8 HIGH

SolarWinds Platform SQL Injection Remote Code Execution Vulnerability

CVE-2023-50395
Solarwinds | SolarWinds Platform | 8.8 HIGH

December 21

Sensitive Information Disclosure Vulnerability

CVE-2023-40058
Solarwinds | Access Rights Manager | 6.5 MEDIUM

December 6

HTML injection Vulnerability in Serv-U 15.4

CVE-2023-40053
SolarWinds | Serv-U | 4.6 MEDIUM

November 28

SolarWinds Platform SQL Injection Remote Code Execution Vulnerability

CVE-2023-40056
Solarwinds | SolarWinds Platform | 8.8 HIGH

November 9

SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability

CVE-2023-40055
Solarwinds | Network Configuration ... | 8 HIGH

SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability

CVE-2023-40054
Solarwinds | Network Configuration ... | 8 HIGH

November 1

Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability

CVE-2023-40062
Solarwinds | Solarwinds Platform | 8 HIGH

Insecure Job Execution Mechanism Vulnerability

CVE-2023-40061
Solarwinds | Solarwinds Platform | 8.8 HIGH

SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability

CVE-2023-33228
Solarwinds | Network Configuration ... | 4.5 MEDIUM

Directory Traversal Remote Code Execution Vulnerability

CVE-2023-33226
Solarwinds | Network Configuration ... | 8 HIGH

Directory Traversal Remote Code Execution Vulnerability

CVE-2023-33227
Solarwinds | Network Configuration ... | 8 HIGH

October 19

SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2023-35186
Solarwinds | Access Rights Manager | 8 HIGH

SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

CVE-2023-35181
Solarwinds | Access Rights Manager | 7.8 HIGH

SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2023-35184
Solarwinds | Access Rights Manager | 8.8 HIGH

SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2023-35180
Solarwinds | Access Rights Manager | 8 HIGH

SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

CVE-2023-35183
Solarwinds | Access Rights Manager | 7.8 HIGH

SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2023-35182
Solarwinds | Access Rights Manager | 8.8 HIGH

SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability

CVE-2023-35185
Solarwinds | Access Rights Manager | 6.8 MEDIUM

SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability

CVE-2023-35187
Solarwinds | Access Rights Manager | 8.8 HIGH

September 13

SolarWinds Platform Exposed Dangerous Method Vulnerability

CVE-2023-23845
SolarWinds | SolarWinds Platform | 7.2 HIGH

SolarWinds Platform Exposed Dangerous Method Vulnerability

CVE-2023-23840
SolarWinds | SolarWinds Platform | 7.2 HIGH

September 7

2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1

CVE-2023-40060
Solarwinds | Serv-U | 7.2 HIGH

August 11

2FA/MFA Bypass Vulnerability in Serv-U 15.4

CVE-2023-35179
Solarwinds | Serv-u | 7.2 HIGH

July 26

Access Control Bypass Vulnerability in the SolarWinds Platform

CVE-2023-3622
Solarwinds | SolarWinds Platform | 4.3 MEDIUM

SolarWinds Network Configuration Manager Directory Traversal Vulnerability

CVE-2023-23842
Solarwinds | Network Configuration ... | 7.2 HIGH

SolarWinds Platform Incorrect Input Neutralization Vulnerability

CVE-2023-33229
Solarwinds | Solarwinds Platform | 3.5 LOW

SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability

CVE-2023-23844
Solarwinds | Solarwinds Platform | 7.2 HIGH

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2023-33225
SolarWinds | SolarWinds Platform | 7.2 HIGH

SolarWinds Platform Incorrect Behavior Order Vulnerability

CVE-2023-33224
Solarwinds | Solarwinds Platform | 7.2 HIGH

SolarWinds Platform Incorrect Comparison Vulnerability

CVE-2023-23843
Solarwinds | Solarwinds Platform | 7.2 HIGH

July 18

XSS in SolarWinds Database Performance Analyzer 2023.2

CVE-2023-33231
Solarwinds | Dpa | 6.1 MEDIUM

June 15

SolarWinds Serv-U Exposure of Sensitive Information Vulnerability

CVE-2023-23841
Solarwinds | Servu | 7.5 HIGH

April 25

No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1

CVE-2023-23837
SolarWinds | Database Performance A... | 7.5 HIGH

Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1

CVE-2023-23838
SolarWinds | Database Performance A... | 6.5 MEDIUM

SolarWinds Platform Exposure of Sensitive Information Vulnerability

CVE-2023-23839
SolarWinds | SolarWinds Platform | 6.5 MEDIUM

April 21

SolarWinds Platform Incorrect Input Neutralization Vulnerability

CVE-2022-47509
Solarwinds | Solarwinds Platform | 6.1 MEDIUM

SolarWinds Platform Local Privilege Escalation Vulnerability

CVE-2022-47505
Solarwinds | Solarwinds Platform | 7.8 HIGH

February 15

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2022-47507
SolarWinds | SolarWinds Platform | 7.2 HIGH

SolarWinds Platform Directory Traversal Vulnerability

CVE-2022-47506
SolarWinds | SolarWinds Platform | 7.8 HIGH

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2022-47503
Solarwinds | Solarwinds Platform | 7.2 HIGH

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2022-38111
Solarwinds | Solarwinds Platform | 7.2 HIGH

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2023-23836
SolarWinds | SolarWinds Platform | 7.2 HIGH

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

CVE-2022-47504
Solarwinds | Solarwinds Platform | 7.2 HIGH

Disable NTLM: SAM 2022.4

CVE-2022-47508
Solarwinds | Server & Application M... | 7.5 HIGH

January 20

Sensitive Information Disclosure Vulnerability

CVE-2022-38112
Solarwinds | Database Performance A... | 7.5 HIGH

Reflected Cross-Site Scripting Vulnerability

CVE-2022-38110
Solarwinds | Database Performance A... | 5.4 MEDIUM

CVE-2022-47012
Solarwinds | Dynamips | 7.5 HIGH

December 19

Sensitive Data Disclosure Vulnerability

CVE-2022-47512
Solarwinds | Hybrid Cloud Observabi... | 5.5 MEDIUM

December 16

Cross-Site Scripting Vulnerability in Serv-U Web Client

CVE-2022-38106
Solarwinds | Serv-u File Server | 5.4 MEDIUM

Common Key Vulnerability in Serv-U FTP Server

CVE-2021-35252
Solarwinds | Serv-u Ftp Server | 7.5 HIGH

November 29

SolarWinds Platform Deserialization of Untrusted Data

CVE-2022-36964
Solarwinds | Solarwinds Platform | 8.8 HIGH

SolarWinds Platform Command Injection

CVE-2022-36962
Solarwinds | Solarwinds Platform | 7.2 HIGH

SolarWinds Platform Improper Input Validation

CVE-2022-36960
Solarwinds | Solarwinds Platform | 8.8 HIGH

November 23

Unprotected Transport of Credentials (HSTS) Vulnerability

CVE-2021-35246
Solarwinds | Engineer's Toolset | 5.3 MEDIUM

Information Disclosure Vulnerability

CVE-2022-38113
Solarwinds | Solarwinds Sem | 5.3 MEDIUM

Insecure Methods Vulnerability

CVE-2022-38115
Solarwinds | Solarwinds Sem | 5.3 MEDIUM

Client-Side Desync Vulnerability

CVE-2022-38114
Solarwinds | Solarwinds Sem | 6.1 MEDIUM

October 20

Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6

CVE-2022-36966
Solarwinds | Solarwinds Platform | 5.4 MEDIUM

SolarWinds Platform Deserialization of Untrusted Data

CVE-2022-36957
Solarwinds | Solarwinds Platform | 7.2 HIGH