SolarWinds Security Vulnerabilities

You can Subscribe to this RSS Feed to be notified when we update this page (note: you will need to cut and paste the "Subscribe to this RSS feed" URL into an RSS Feed Reader, e.g., Outlook's RSS Subscriptions, to monitor updates).

ADVISORY	CVE ID	SEVERITY	RELEASE DATE	LAST UPDATE	FIXED VERSION
SQL Injection Remote Code Execution Vulnerability	CVE-2023-40056	8.0 High	11/28/2023		SolarWinds Platform 2023.4.2
Directory Traversal Remote Code Execution Vulnerability	CVE-2023-40055	8.0 High	11/01/2023		Network Configuration Manager 2023.4.1
Directory Traversal Remote Code Execution Vulnerability	CVE-2023-40054	8.0 High	11/01/2023		Network Configuration Manager 2023.4.1
Directory Traversal Remote Code Execution Vulnerability	CVE-2023-33226	8.0 High	11/01/2023		Network Configuration Manager 2023.4
Sensitive Information Disclosure Vulnerability	CVE-2023-33228	4.5 Medium	11/01/2023		Network Configuration Manager 2023.4
Directory Traversal Remote Code Execution Vulnerability	CVE-2023-33227	8.0 High	11/01/2023	11/01/2023	Network Configuration Manager 2023.4
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability	CVE-2023-40062	8.0 High	11/01/2023		SolarWinds Platform 2023.4
Insecure Job Execution Mechanism Vulnerability	CVE-2023-40061	7.1 High	11/01/2023		SolarWinds Platform 2023.4
Apache ActiveMQ Vulnerability	CVE-2023-46604	10.0 Critical	10/27/2023	10/28/2023
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability	CVE-2023-35181	7.8 High	10/18/2023	10/18/2023	SolarWinds ARM 2023.2.1
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability	CVE-2023-35184	8.8 High	10/18/2023	10/18/2023	SolarWinds ARM 2023.2.1
SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability	CVE-2023-35180	8.0 High	10/18/2023	10/18/2023	SolarWinds ARM 2023.2.1
SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability	CVE-2023-35187	8.8 High	10/18/2023	10/18/2023	SolarWinds ARM 2023.2.1
SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability	CVE-2023-35185	8.8 High	10/18/2023	10/18/2023	SolarWinds ARM 2023.2.1
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability	CVE-2023-35183	7.8 High	10/18/2023	10/18/2023	SolarWinds ARM 2023.2.1
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability	CVE-2023-35182	8.8 High	10/18/2023	10/18/2023	SolarWinds ARM 2023.2.1
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability	CVE-2023-35186	8.0 High	10/18/2023	10/18/2023	SolarWinds ARM 2023.2.1
Recommendations for SolarWinds products	CVE-2023-44487	7.5 High	10/10/2023	10/20/2023
MFA/2FA Bypass Vulnerability in Serv-U 15.4: Serv-U 15.4 and 15.4 HF1	CVE-2023-40060	6.6 Medium	08/30/2023	08/30/2023	Serv-U 15.4 HF2
MFA/2FA Bypass Vulnerability in Serv-U 15.4	CVE-2023-35179	6.6 Medium	08/04/2023	08/04/2023	Serv-U 15.4 HF1
SolarWinds Platform Exposed Dangerous Method Vulnerability	CVE-2023-23845	6.8 Medium	07/18/2023	07/18/2023	SolarWinds Platform 2023.3.1
SolarWinds Platform Exposed Dangerous Method Vulnerability	CVE-2023-23840	6.8 Medium	07/18/2023	07/18/2023	SolarWinds Platform 2023.3.1
SolarWinds Platform Access Control Bypass Vulnerability	CVE-2023-3622	4.6 Medium	07/18/2023	07/18/2023	SolarWinds Platform 2023.3
SolarWinds Platform Incorrect Behavior Order Vulnerability	CVE-2023-33224	6.8 Medium	07/18/2023	07/18/2023	SolarWinds Platform 2023.3
SolarWinds Platform Incorrect Input Neutralization Vulnerability	CVE-2023-33229	3.1 Low	07/18/2023	07/18/2023	SolarWinds Platform 2023.3
SolarWinds Platform Deserialization of Untrusted Data Vulnerability	CVE-2023-33225	6.8 Medium	07/18/2023	07/18/2023	SolarWinds Platform 2023.3
SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability	CVE-2023-23844	6.8 Medium	07/18/2023	07/18/2023	SolarWinds Platform 2023.3
SolarWinds Network Configuration Manager Directory Traversal Vulnerability	CVE-2023-23842	6.8 Medium	07/18/2023	07/18/2023	Network Configuration Manager 2023.3
SolarWinds Platform Incorrect Comparison Vulnerability	CVE-2023-23843	6.8 Medium	07/18/2023	07/18/2023	SolarWinds Platform 2023.3
Cross-Site Scripting Vulnerability	CVE-2023-33231	5.4 Medium	07/18/2023	07/18/2023	Database Performance Analyzer(DPA) 2023.2.100
SolarWinds Serv-U Exposure of Sensitive Information Vulnerability	CVE-2023-23841	4.8 Medium	05/17/2023	05/17/2023	Serv-U 15.4
SolarWinds Platform Exposure of Sensitive Information Vulnerability	CVE-2023-23839	6.8 Medium	04/20/2023	04/20/2023	SolarWinds Platform 2023.2
No Exception Handling Vulnerability	CVE-2023-23837	4.3 Medium	04/18/2023	04/18/2023	Database Performance Analyzer (DPA) 2023.2
Directory traversal and file enumeration vulnerability	CVE-2023-23838	4.0 Medium	04/18/2023	04/18/2023	Database Performance Analyzer (DPA) 2023.2
SolarWinds Platform Command Injection Vulnerability	CVE-2022-36963	8.8 High	04/18/2023	04/18/2023	SolarWinds Platform 2023.2
SolarWinds Platform Incorrect Input Neutralization Vulnerability	CVE-2022-47509	4.3 Medium	04/18/2023	04/18/2023	SolarWinds Platform 2023.2
SolarWinds Platform Local Privilege Escalation Vulnerability	CVE-2022-47505	7.8 High	04/18/2023	04/18/2023	SolarWinds Platform 2023.2
SolarWinds Platform Directory Traversal	CVE-2022-47506	8.8 High	02/15/2023	02/15/2023	SolarWinds Platform 2023.1
SolarWinds Platform Deserialization of Untrusted Data Vulnerability	CVE-2022-47503	8.8 High	02/15/2023	02/15/2023	SolarWinds Platform 2023.1
SolarWinds Platform Deserialization of Untrusted Data Vulnerability	CVE-2023-23836	8.8 High	02/15/2023	02/15/2023	SolarWinds Platform 2023.1
Disable NTLM: SAM 2022.4	CVE-2022-47508	7.5 High	02/15/2023	02/15/2023	Hybrid Cloud Observability 2023.1
SolarWinds Platform Deserialization of Untrusted Data Vulnerability	CVE-2022-47507	8.8 High	02/15/2023	02/15/2023	SolarWinds Platform 2023.1
SolarWinds Platform Deserialization of Untrusted Data Vulnerability	CVE-2022-47504	8.8 High	02/15/2023	02/15/2023	SolarWinds Platform 2023.1
SolarWinds Platform Deserialization of Untrusted Data Vulnerability	CVE-2022-38111	7.2 Medium	02/15/2023	02/15/2023	SolarWinds Platform 2023.1
Reflected Cross-Site Scripting Vulnerability	CVE-2022-38110	6.3 Medium	01/18/2023		Database Performance Analyzer 2023.1
Sensitive Information Disclosure Vulnerability	CVE-2022-38112	6.3 Medium	01/18/2023		Database Performance Analyzer 2023.1
Sensitive Data Disclosure Vulnerability	CVE-2022-47512	6.0 Medium	12/16/2022		Hybrid Cloud Observability / SolarWinds Platform 2022.4.1
Cross-Site Scripting Vulnerability in Serv-U Web Client	CVE-2022-38106	7.5 High	12/15/2022		Serv-U 15.3.2
Common Key Vulnerability in Serv-U FTP Server	CVE-2021-35252	6.5 Medium	12/15/2022		Serv-U 15.3.2
Insecure Methods Vulnerability	CVE-2022-38115	3.1 Low	11/22/2022	11/22/2022	SEM 2022.4
Client-Side Desync Vulnerability	CVE-2022-38114	3.7 Low	11/22/2022	11/22/2022	SEM 2022.4
Information Disclosure Vulnerability	CVE-2022-38113	3.1 Low	11/22/2022	11/22/2022	SEM 2022.4
SolarWinds Platform Command Injection	CVE-2022-36962	7.2 High	11/22/2022		SolarWinds Platform 2022.4
SolarWinds Platform Deserialization of Untrusted Data	CVE-2022-36964	8.8 High	11/22/2022		SolarWinds Platform 2022.4
Unprotected Transport of Credentials (HSTS) Vulnerability	CVE-2021-35246	5.3 Medium	11/22/2022		Engineer’s Toolset 2022.4 Desktop
SolarWinds Platform Improper Input Validation	CVE-2022-36960	8.8 High	11/22/2022		SolarWinds Platform 2022.4
OpenSSL buffer overflows in punycode decoding functions	CVE-2022-3602 CVE-2022-3786	7.5 High 7.5 High	11/01/2022	11/10/2022	OpenSSL 3.0.7
Apache Commons Text4Shell Vulnerability	CVE-2022-42889	9.8 Critical	10/26/2022	10/27/2022
SolarWinds Platform Deserialization of Untrusted Data	CVE-2022-38108	7.2 High	10/19/2022		SolarWinds Platform 2022.4 RC1
Insecure Direct Object Reference Vulnerability: SolarWinds Platform 2022.3	CVE-2022-36966	5.9 Medium	10/19/2022		SolarWinds Platform 2022.4 RC1
SolarWinds Platform Deserialization of Untrusted Data	CVE-2022-36958	8.8 High	10/19/2022		SolarWinds Platform 2022.4 RC1
SolarWinds Platform Deserialization of Untrusted Data	CVE-2022-36957	7.2 High	10/19/2022		SolarWinds Platform 2022.4 RC1
Sensitive Data Disclosure Vulnerability	CVE-2022-38107	4.3 Medium	10/18/2022	10/18/2022	SQL Sentry 2022.4
Stored and DOM XSS in QoE Applications: Orion Platform	CVE-2022-36965	7.1 High	09/28/2022		SolarWinds Platform 2022.3
SQL Injection in Orion Platform	CVE-2022-36961	8.0 High	09/28/2022		SolarWinds Platform 2022.3
Hashed Credential Exposure Vulnerability	CVE-2021-35226	2.7 Low	09/28/2022		Hybrid Cloud Observability 2022.3
Domain Admin Broken Access Control	CVE-2021-35249	4.3 Medium	05/17/2022		Serv-U 15.3.1
Cross-Site Scripting Vulnerability using SQL Query	CVE-2021-35229	6.8 High	04/19/2022		DPA 2022.2
0-day Vulnerabilities in Spring	CVE-2022-22963 CVE-2022-22965	N/A	03/31/2022	04/11/2022	00.000
Authenticated Remote Code Execution in Web Help Desk 12.7.8	CVE-2021-35254	8.2 High	03/24/2022	03/24/2022	Web Help Desk 12.7.8 HF1
Directory Transversal Vulnerability in Serv-U 15.3	CVE-2021-35250	7.5 High	03/02/2022	03/02/2022	Serv-U 15.3 HF 1
Sensitive Data Disclosure Vulnerability	CVE-2021-35251	5.3 Medium	02/15/2022	02/15/2022	WHD 12.7.8
Improper Input Validation Vulnerability in Serv-U	CVE-2021-35247	4.3 Medium	01/18/2022	01/18/2022	Serv-U 15.3
HTTP PUT & DELETE Methods Enabled	CVE-2021-35243	5.3 Medium	12/24/2021		Web Help Desk 12.7.7 HF1
Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users	CVE-2021-35248	6.8 Medium	12/20/2021		Orion 2020.2.6 HF3
Unrestricted File Upload Causing Remote Code Execution: Orion 2020.2.6	CVE-2021-35244	6.8 High	12/20/2021		Orion 2020.2.6 HF3
Exposed Dangerous Functions - Privileged Escalation	CVE-2021-35234	8.0 High	12/20/2021		Orion Platform 2020.2.6 HF3
JMSAppender Associated with Log4j Vulnerability	CVE-2021-4104	8.1 High	12/17/2021	12/17/2021
JNDI Lookup Functionality Associated with Log4j Vulnerability	CVE-2021-45046	9.0 Critical	12/14/2021	12/23/2021
Apache Log4j Critical Vulnerability	CVE-2021-44228	10.0 Critical	12/12/2021	01/14/2022
A valid CSRF token is present in response to an invalid request	CVE-2021-35242	8.3 High	12/03/2021	12/03/2021	Serv-U 15.2.5
Broken Access Control Vulnerability for Serv-U	CVE-2021-35245	8.4 High	12/02/2021	12/02/2021	Serv-U 15.2.5
HTTP TRACK and TRACK Methods Enabled Vulnerability	CVE-2021-35233	5.3 Medium	10/19/2021		Kiwi Syslog Server 9.8
Clickjacking Vulnerability	CVE-2021-35237	5.0 Medium	10/19/2021		Kiwi Syslog Server 9.8
Missing Secure Flag from SSL Cookie Vulnerability	CVE-2021-35236	3.1 Low	10/19/2021		Kiwi Syslog Server 9.8
ASP.NET Debug Feature Enabled Vulnerability	CVE-2021-35235	5.3 Medium	10/19/2021		Kiwi Syslog Server 9.8
Unquoted Path Vulnerability - SMB Login	CVE-2021-35231	6.7 Medium	10/19/2021		Kiwi Syslog Server 9.8
Unquoted Path Vulnerability (SMB Login) with Kiwi CatTools	CVE-2021-35230	6.7 Medium	10/19/2021		Kiwi CatTools 3.12
Reflected Cross Site Scripting affecting SolarWinds: DPA 2021.3.7388	CVE-2021-35228	5.5 Medium	10/19/2021		DPA 2021.3.7438
Insecure Web Header Vulnerability - RabbitMQLogin	CVE-2021-35227	4.7 Medium	10/19/2021		ARM 2021.4
NPM Netpath Horizontal Privilege Escalation Vulnerability	CVE-2021-35225	5.0 Medium	10/19/2021		NPM 2020.2.6 HF2
Critical bug in SolarWinds Web Help Desk allows an attacker to execute Arbitrary Hibernate Queries	CVE-2021-35232	6.8 Medium	09/13/2021		Web Help Desk 12.7.7 Hotfix 1
Pingdom Session Management Vulnerability	CVE-2021-35214	4.8 Medium	09/13/2021		Pingdom
Execute Command Function Allows RCE Vulnerability	CVE-2021-35223	8.5 High	08/20/2021		Serv-U 15.2.4
Insecure Deserialization Of Untrusted Data Causing Remote Code Execution Vulnerability	CVE-2021-35217	8.9 High	08/20/2021		Patch Manager 2020.2.6 HF1
Access Restriction Bypass Via Referrer Spoof - Business Logic Bypass Vulnerability	CVE-2021-32076	5.8 Medium	08/20/2021		Web Help Desk 12.7.6
Stored XSS Via Help Server Setting Vulnerability	CVE-2021-35240	6.5 High	07/20/2021	08/24/2021	Orion Platform 2020.2.6 HF1
Stored XSS Via Maps Text Box Hyperlink Vulnerability	CVE-2021-35239	7.5 High	07/20/2021	08/24/2021	Orion Platform 2020.2.6 HF1
Stored XSS Through URL POST Parameter In CreateExternalWebsite Vulnerability	CVE-2021-35238	7.1 High	07/20/2021	08/24/2021	Orion Platform 2020.2.6 HF1
ActionPluginBaseView Deserialization of Untrusted Data RCE Vulnerability	CVE-2021-35215	8.9 High	07/15/2021		Orion Platform 2020.2.6
Resource.aspx Reflected Cross-Site Scripting Vulnerability	CVE-2021-35222	8.0 High	07/15/2021	08/24/2021	Orion Platform 2020.2.6 HF1
ImportAlert Improper Access Control Tampering Vulnerability	CVE-2021-35221	6.3 Medium	07/15/2021	08/24/2021	Orion Platform 2020.2.6 HF 1
EmailWebPage Command Injection Remote Code Execution Vulnerability	CVE-2021-35220	8.1 High	07/15/2021	08/24/2021	Orion Platform 2020.2.6 HF1
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability	CVE-2021-35219	6.0 Medium	07/15/2021	08/24/2021	Orion Platform 2020.2.6 HF1
Chart Endpoint Deserialization of Untrusted Data RCE Vulnerability	CVE-2021-35218	8.9 High	07/15/2021		Patch Manager 2020.2.6
Insecure Deserialization Of Untrusted Data Causing Remote Code Execution Vulnerability	CVE-2021-35216	8.9 High	07/15/2021		Patch Manager 2020.2.6
Orion User setting Improper Access Control Privilege Escalation Vulnerability	CVE-2021-35213	8.9 High	07/15/2021		Orion Platform 2020.2.6
Blind SQL Injection Vulnerability	CVE-2021-35212	8.9 High	07/15/2021		Orion Platform 2020.2.5 HF1, 2020.2.6, 2019.4.2, 2019.2 HF4
Privilege Escalation Vulnerability	CVE-2021-31217	6.5 Medium	07/15/2021		Dameware 12.2
Serv-U Remote Memory Escape Vulnerability	CVE-2021-35211	9.0 Critical	07/09/2021	07/15/2021	Serv-U 15.2.3 HF2
Broken Access Control On Node Management Vulnerability	CVE-2021-28674	4.6 Medium	05/13/2021		Orion Platform 2020.2.6, 2020.2.5 HF1
SenderEmail Parameter XSS Vulnerability	CVE-2021-32604	6.9 Medium	05/05/2021		Serv-U 15.2.3
SolarWinds Orion Job Scheduler Remote Code Execution Vulnerability	CVE-2021-31475	8.8 High	03/25/2021		Orion Platform 2020.2.5
RCE via Actions and JSON Deserialization Vulnerability	CVE-2021-31474	9.1 Critical	03/25/2021		Orion Platform 2020.2.5
Reverse Tabnabbing and Open Redirect Vulnerability	CVE-2021-3109	4.3 Medium	03/25/2021		Orion Platform 2020.2.5
Deserialization of Untrusted Data Privilege Escalation Vulnerability	CVE-2021-27277	8.8 High	03/25/2021	04/14/2021	SAM 2020.2.5
SaveUserSetting Improper Access Control Privilege Escalation Vulnerability	CVE-2021-27258	8.9 High	03/25/2021		Orion Platform 2020.2.4
Unprivileged Users can get DBO owner Access Vulnerability	CVE-2021-25275	8.2 High	02/05/2021		Web Help Desk 12.7.7 HF1
MSMQ Remote Code Execution Vulnerability	CVE-2021-25274	8.3 High	02/05/2021		Orion Platform 2020.2.4, 2019.4.2, 2019.2 HF4
Windows "Users" Directory Weak ACLs Vulnerability	CVE-2021-25276	8.8 High	01/18/2021	02/04/2021	Serv-U 15.2.2 HF 1
Deserialization of Untrusted Data Privilege Escalation Vulnerability	CVE-2021-27240	8.7 High	12/15/2020		Patch Manager 2020.2.1 HF 1
Heap Memory Corruption With RSA Private Key Operation	CVE-2022-2274	9.8 Critical