Solarwinds Latest Vulnerabilities
December 10
SolarWinds Web Help Desk vulnerability only affects limited installations
CVE-2024-45709
SolarwindsWeb Help Desk5.3MEDIUM
December 4
SolarWinds Platform Vulnerable to XSS Attack
CVE-2024-45717
SolarwindsSolarwinds Platform7HIGH
October 17
SolarWinds Kiwi CatTools Vulnerability: Sensitive Data at Risk
CVE-2024-45713
SolarwindsKiwi Cattools5.1MEDIUM
October 16
SolarWinds Platform Vulnerable to Cross-Site Scripting Attack
CVE-2024-45715
SolarWindsSolarwinds Platform6.1MEDIUM
Uncontrolled Search Path Element Local Privilege Escalation Vulnerability Affects SolarWinds Platform
CVE-2024-45710
SolarWindsSolarwinds Platform7.8HIGH
SolarWinds Serv-U Directory Traversal Vulnerability
CVE-2024-45711
SolarWindsServ-u8.8HIGH
September 12
Remote Code Execution Vulnerability Affects SolarWinds ARM
CVE-2024-28991
SolarwindsAccess Rights Manager😄👾8.8HIGH
SolarWinds ARM Has a Hard-Coded Credential Bypass Vulnerability
CVE-2024-28990
SolarwindsAccess Rights Manager9.8CRITICAL
August 21
Unauthenticated Access to Internal Functionality and Data via Hardcoded Credentials
CVE-2024-28987
SolarwindsWeb Help Desk😄👾9.1CRITICAL
August 13
SolarWinds Web Help Desk Vulnerable to Remote Code Execution
CVE-2024-28986
SolarwindsWeb Help Desk👾9.8CRITICAL
July 17
Authentication Bypass Vulnerability Affects SolarWinds Access Rights Manager
CVE-2024-23471
SolarwindsAccess Rights Manager9.8CRITICAL
Unauthorized Remote Code Execution Vulnerability Affects Access Rights Manager
CVE-2024-23470
SolarwindsAccess Rights Manager9.8CRITICAL
SolarWinds Access Rights Manager Vulnerability Remains Unfixed Despite Prior Attempts to Address
CVE-2024-28074
SolarwindsAccess Rights Manager9.8CRITICAL
SolarWinds Access Rights Manager vulnerable to Directory Traversal and Information Disclosure Attack
CVE-2024-23467
SolarwindsAccess Rights Manager9.8CRITICAL
Unauthenticated Directory Traversal Vulnerability Affects SolarWinds ARM
CVE-2024-23466
SolarwindsAccess Rights Manager9.8CRITICAL
Unauthenticated Domain Admin Access Vulnerability Discovered in SolarWinds Access Rights Manager
CVE-2024-23465
SolarwindsAccess Rights Manager9.8CRITICAL
SolarWinds ARM Vulnerable to Remote Code Execution
CVE-2024-23469
SolarwindsAccess Rights Manager9.8CRITICAL
Unauthenticated Arbitrary File Deletion and Information Disclosure Vulnerability Affects SolarWinds Access Rights Manager
CVE-2024-23475
SolarwindsAccess Rights Manager9.8CRITICAL
ARM Vulnerable to Directory Traversal
CVE-2024-23472
SolarwindsAccess Rights Manager8.8HIGH
SolarWinds Access Rights Manager Vulnerability Allows Unauthorized File Deletion and Information Disclosure
CVE-2024-28993
SolarwindsAccess Rights Manager9.4CRITICAL
UnAuthenticated File Deletion and Information Disclosure Vulnerability in SolarWinds Access Rights Manager
CVE-2024-28992
SolarwindsAccess Rights Manager9.4CRITICAL
SolarWinds Access Rights Manager Vulnerable to Directory Traversal and Information Disclosure
CVE-2024-23468
SolarwindsAccess Rights Manager9.4CRITICAL
SolarWinds Access Rights Manager Vulnerable to File Deletion and Information Disclosure
CVE-2024-23474
SolarwindsAccess Rights Manager9.8CRITICAL
June 6
SolarWinds Serv-U Vulnerable to Directory Transversal Attack
CVE-2024-28995
SolarwindsSolarwinds Serv-u😄👾7.5HIGH
June 4
SolarWinds Platform Vulnerable to Stored Cross-Site Scripting
CVE-2024-29004
SolarwindsSolarwinds Platform4.8MEDIUM
SolarWinds Platform Affected by Race Condition Vulnerability
CVE-2024-28999
SolarwindsSolarwinds Platform👾8.1HIGH
SolarWinds Platform Affected by SWQL Injection Vulnerability
CVE-2024-28996
SolarwindsSolarwinds Platform8.1HIGH
May 20
SolarWinds Platform Vulnerable to Reflected Cross-Site Scripting
CVE-2024-29000
SolarwindsSolarwinds Platform7.9HIGH
May 14
SolarWinds Access Rights Manager Vulnerable to Remote Code Execution
CVE-2024-28075
SolarwindsAccess Rights Manager9CRITICAL
SolarWinds Access Rights Manager Vulnerability Allows Bypass of Credential Authentication
CVE-2024-23473
SolarwindsAccess Rights Manager8.6HIGH
May 3
Arbitrary File Overwrite Vulnerability in Log Output
CVE-2024-28072
SolarwindsServ-u5.7MEDIUM
April 18
SolarWinds Platform Vulnerable to XSS Attack
CVE-2024-29003
SolarwindsSolarwinds Platform7.5HIGH
SolarWinds Platform SWQL Injection Vulnerability
CVE-2024-29001
SolarwindsSolarwinds Platform7.5HIGH
April 17
SolarWinds Serv-U Vulnerable to Directory Traversal Remote Code Execution
CVE-2024-28073
SolarwindsServu8.4HIGH
March 1
SolarWinds Security Event Manager Vulnerable to Remote Code Execution
CVE-2024-0692
SolarwindsSecurity Event Manager 😄8.8HIGH
February 15
SolarWinds Access Rights Manager Vulnerable to Remote Code Execution
CVE-2023-40057
SolarwindsAccess Rights Manager9CRITICAL
SolarWinds ARM Vulnerable to Directory Traversal Remote Code Execution
CVE-2024-23477
SolarwindsAccess Rights Manager7.9HIGH
SolarWinds ARM Vulnerable to Directory Traversal Remote Code Execution
CVE-2024-23476
SolarwindsAccess Rights Manager9.6CRITICAL
SolarWinds ARM Vulnerable to Remote Code Execution
CVE-2024-23478
SolarwindsAccess Rights Manager8HIGH
SolarWinds ARM Vulnerable to Directory Traversal Remote Code Execution
CVE-2024-23479
SolarwindsAccess Rights Manager9.6CRITICAL
February 6
SolarWinds Platform SQL Injection Remote Code Execution Vulnerability
CVE-2023-35188
SolarwindsSolarWinds Platform 8.8HIGH
SolarWinds Platform SQL Injection Remote Code Execution Vulnerability
CVE-2023-50395
SolarwindsSolarWinds Platform 8.8HIGH
December 21
Sensitive Information Disclosure Vulnerability
CVE-2023-40058
SolarwindsAccess Rights Manager6.5MEDIUM
December 6
HTML injection Vulnerability in Serv-U 15.4
CVE-2023-40053
SolarWindsServ-U4.6MEDIUM
November 28
SolarWinds Platform SQL Injection Remote Code Execution Vulnerability
CVE-2023-40056
SolarwindsSolarWinds Platform 8.8HIGH
November 9
SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability
CVE-2023-40055
SolarwindsNetwork Configuration ...8HIGH
SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability
CVE-2023-40054
SolarwindsNetwork Configuration ...8HIGH
November 1
Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
CVE-2023-40062
SolarwindsSolarwinds Platform8HIGH
Insecure Job Execution Mechanism Vulnerability
CVE-2023-40061
SolarwindsSolarwinds Platform8.8HIGH
SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability
CVE-2023-33228
SolarwindsNetwork Configuration ...4.5MEDIUM
Directory Traversal Remote Code Execution Vulnerability
CVE-2023-33226
SolarwindsNetwork Configuration ...8HIGH
Directory Traversal Remote Code Execution Vulnerability
CVE-2023-33227
SolarwindsNetwork Configuration ...8HIGH
October 19
SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2023-35186
SolarwindsAccess Rights Manager8HIGH
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
CVE-2023-35181
SolarwindsAccess Rights Manager7.8HIGH
SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2023-35184
SolarwindsAccess Rights Manager8.8HIGH
SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2023-35180
SolarwindsAccess Rights Manager8HIGH
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
CVE-2023-35183
SolarwindsAccess Rights Manager7.8HIGH
SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2023-35182
SolarwindsAccess Rights Manager8.8HIGH
SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability
CVE-2023-35185
SolarwindsAccess Rights Manager6.8MEDIUM
SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability
CVE-2023-35187
SolarwindsAccess Rights Manager8.8HIGH
September 13
SolarWinds Platform Exposed Dangerous Method Vulnerability
CVE-2023-23845
SolarWindsSolarWinds Platform7.2HIGH
SolarWinds Platform Exposed Dangerous Method Vulnerability
CVE-2023-23840
SolarWindsSolarWinds Platform7.2HIGH
September 7
2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1
CVE-2023-40060
SolarwindsServ-U7.2HIGH
August 11
2FA/MFA Bypass Vulnerability in Serv-U 15.4
CVE-2023-35179
SolarwindsServ-u7.2HIGH
July 26
Access Control Bypass Vulnerability in the SolarWinds Platform
CVE-2023-3622
SolarwindsSolarWinds Platform 4.3MEDIUM
SolarWinds Network Configuration Manager Directory Traversal Vulnerability
CVE-2023-23842
SolarwindsNetwork Configuration ...7.2HIGH
SolarWinds Platform Incorrect Input Neutralization Vulnerability
CVE-2023-33229
SolarwindsSolarwinds Platform3.5LOW
SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability
CVE-2023-23844
SolarwindsSolarwinds Platform7.2HIGH
SolarWinds Platform Deserialization of Untrusted Data Vulnerability
CVE-2023-33225
SolarWindsSolarWinds Platform7.2HIGH
SolarWinds Platform Incorrect Behavior Order Vulnerability
CVE-2023-33224
SolarwindsSolarwinds Platform7.2HIGH
SolarWinds Platform Incorrect Comparison Vulnerability
CVE-2023-23843
SolarwindsSolarwinds Platform7.2HIGH
July 18
XSS in SolarWinds Database Performance Analyzer 2023.2
CVE-2023-33231
SolarwindsDpa6.1MEDIUM
June 15
SolarWinds Serv-U Exposure of Sensitive Information Vulnerability
CVE-2023-23841
SolarwindsServu7.5HIGH
April 25
No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1
CVE-2023-23837
SolarWindsDatabase Performance A...7.5HIGH
Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1
CVE-2023-23838
SolarWindsDatabase Performance A...6.5MEDIUM
SolarWinds Platform Exposure of Sensitive Information Vulnerability
CVE-2023-23839
SolarWindsSolarWinds Platform6.5MEDIUM
April 21
SolarWinds Platform Incorrect Input Neutralization Vulnerability
CVE-2022-47509
SolarwindsSolarwinds Platform6.1MEDIUM
SolarWinds Platform Local Privilege Escalation Vulnerability
CVE-2022-47505
SolarwindsSolarwinds Platform7.8HIGH
February 15
SolarWinds Platform Deserialization of Untrusted Data Vulnerability
CVE-2022-47507
SolarWindsSolarWinds Platform7.2HIGH
SolarWinds Platform Directory Traversal Vulnerability
CVE-2022-47506
SolarWindsSolarWinds Platform7.8HIGH
SolarWinds Platform Deserialization of Untrusted Data Vulnerability
CVE-2022-47503
SolarwindsSolarwinds Platform7.2HIGH
SolarWinds Platform Deserialization of Untrusted Data Vulnerability
CVE-2022-38111
SolarwindsSolarwinds Platform7.2HIGH
SolarWinds Platform Deserialization of Untrusted Data Vulnerability
CVE-2023-23836
SolarWindsSolarWinds Platform7.2HIGH
SolarWinds Platform Deserialization of Untrusted Data Vulnerability
CVE-2022-47504
SolarwindsSolarwinds Platform7.2HIGH
Disable NTLM: SAM 2022.4
CVE-2022-47508
SolarwindsServer & Application M...7.5HIGH
January 20
Sensitive Information Disclosure Vulnerability
CVE-2022-38112
SolarwindsDatabase Performance A...7.5HIGH
Reflected Cross-Site Scripting Vulnerability
CVE-2022-38110
SolarwindsDatabase Performance A...5.4MEDIUM
CVE-2022-47012
SolarwindsDynamips7.5HIGH
December 19
Sensitive Data Disclosure Vulnerability
CVE-2022-47512
SolarwindsHybrid Cloud Observabi...5.5MEDIUM
December 16
Cross-Site Scripting Vulnerability in Serv-U Web Client
CVE-2022-38106
SolarwindsServ-u File Server5.4MEDIUM
Common Key Vulnerability in Serv-U FTP Server
CVE-2021-35252
SolarwindsServ-u Ftp Server7.5HIGH
November 29
SolarWinds Platform Deserialization of Untrusted Data
CVE-2022-36964
SolarwindsSolarwinds Platform8.8HIGH
SolarWinds Platform Command Injection
CVE-2022-36962
SolarwindsSolarwinds Platform7.2HIGH
SolarWinds Platform Improper Input Validation
CVE-2022-36960
SolarwindsSolarwinds Platform8.8HIGH
November 23
Unprotected Transport of Credentials (HSTS) Vulnerability
CVE-2021-35246
SolarwindsEngineer's Toolset5.3MEDIUM
Information Disclosure Vulnerability
CVE-2022-38113
SolarwindsSolarwinds Sem5.3MEDIUM
Insecure Methods Vulnerability
CVE-2022-38115
SolarwindsSolarwinds Sem5.3MEDIUM
Client-Side Desync Vulnerability
CVE-2022-38114
SolarwindsSolarwinds Sem6.1MEDIUM
October 20
Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6
CVE-2022-36966
SolarwindsSolarwinds Platform5.4MEDIUM
SolarWinds Platform Deserialization of Untrusted Data
CVE-2022-36957
SolarwindsSolarwinds Platform7.2HIGH