SolarWinds Security Vulnerabilities

security-advisories-index-hero.png

You can Subscribe to this RSS Feed to be notified when we update this page (note: you will need to cut and paste the "Subscribe to this RSS feed" URL into an RSS Feed Reader, e.g., Outlook's RSS Subscriptions, to monitor updates).

ADVISORYCVE IDSEVERITYRELEASE DATELAST UPDATEFIXED VERSION
Salesloft Drift Security IncidentCVE-Salesloft-Drift-Security-Incident

Critical

09/15/2025
SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key VulnerabilityCVE-2025-26398

5.6 Medium

08/12/2025SolarWinds Database Performance Analyzer 2025.3
SolarWinds Web Help Desk XML External Entity Injection (XXE) VulnerabilityCVE-2025-26400

5.3 Medium

07/29/2025SolarWinds Web Help Desk 12.8.7
SolarWinds Observability Self-Hosted Deserialization of Untrusted Data Local Privilege Escalation VulnerabilityCVE-2025-26397

7.8 High

07/24/2025SWOSH 2025.2.1
SolarWinds SWOSH DOM-based reflective XSS VulnerabilityCVE-2025-26395

7.1 High

06/10/2025SWOSH 2025.2
SolarWinds SWOSH Open Redirection VulnerabilityCVE-2025-26394

4.8 Medium

06/10/2025SWOSH 2025.2
SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation VulnerabilityCVE-2025-26396

7.8

06/02/202506/02/2025Dameware Mini Remote Control 12.3.2
SolarWinds Serv-U Client-Side Cross-Site Scripting VulnerabilityCVE-2024-45712

2.6 Low

04/15/202504/15/2025SolarWinds Serv-U 15.5.1
SolarWinds Web Help Desk Cryptographic Key Management VulnerabilityCVE-2024-28989

5.5 Medium

02/11/2025SolarWinds Web Help Desk 12.8.5
Sensitive data disclosure vulnerabilityCVE-2024-45718

4.6 Medium

02/11/2025Kiwi NG 1.3.1
SolarWinds Platform Information Disclosure VulnerabilityCVE-2024-52611

3.5 Low

02/11/2025SolarWinds Platform 2025.1
SolarWinds Platform Server-Side Request Forgery VulnerabilityCVE-2024-52606

3.5 Low

02/11/2025SolarWinds Platform 2025.1
SolarWinds Platform Reflected Cross-Site Scripting VulnerabilityCVE-2024-52612

6.8 High

02/11/2025SolarWinds Platform 2025.1
SolarWinds Web Help Desk Local File Read VulnerabilityCVE-2024-45709

5.3 Medium

12/10/2024Web Help Desk 12.8.4
SolarWinds Platform Cross-Site Scripting VulnerabilityCVE-2024-45717

7.0 High

12/04/2024SolarWinds Platform 2024.4.1
SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation VulnerabilityCVE-2024-45710

7.8 High

10/17/2024SolarWinds Platform 2024.4
SolarWinds Platform Edit Function Cross-Site Scripting VulnerabilityCVE-2024-45715

7.1 High

10/17/2024SolarWinds Platform 2024.4
SolarWinds Kiwi CatTools Sensitive Information Disclosure VulnerabilityCVE-2024-45713

5.1 Medium

10/16/2024Kiwi CatTools 3.12.4
Serv-U FTP Service Directory Traversal Remote Code Execution VulnerabilityCVE-2024-45711

7.5 High

10/16/202410/16/2024Serv-U 15.5
Stored XSS VulnerabilityCVE-2024-45714

5.7 Medium

10/16/2024Serv-U 15.5
SolarWinds Web Help Desk Java Deserialization Remote Code Execution VulnerabilityCVE-2024-28988

9.8 Critical

10/15/2024SolarWinds Web Help Desk 12.8.3 HF 3
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution VulnerabilityCVE-2024-28991

9.0 Critical

09/12/2024SolarWinds Access Rights Manager (ARM) 2024.3.1
SolarWinds Access Rights Manager (ARM) Hardcoded Credentials Authentication Bypass VulnerabilityCVE-2024-28990

6.3 Medium

09/12/2024Access Rights Manager (ARM) 2024.3.1 SR
Web Help Desk Hardcoded Credential VulnerabilityCVE-2024-28987

9.1 Critical

08/22/202412.8.3 HF2
SolarWinds Web Help Desk Java Deserialization Remote Code Execution VulnerabilityCVE-2024-28986

9.8 Critical

08/09/2024SolarWinds Web Help Desk 12.8.3 HF 1
SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution VulnerabilityCVE-2024-23471

9.6 Critical

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Access Rights Manager (ARM) deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure VulnerabilityCVE-2024-23474

7.6 High

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution VulnerabilityCVE-2024-23470

9.6 Critical

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Access Rights Manager Traversal Remote Code Execution VulnerabilityCVE-2024-23467

9.6 Critical

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Access Rights Manager (ARM) ChangeHumster Exposed Dangerous Method Authentication Bypass VulnerabilityCVE-2024-23465

8.3 High

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution VulnerabilityCVE-2024-23469

9.6 Critical

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution VulnerabilityCVE-2024-28074

9.6 Critical

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure VulnerabilityCVE-2024-23472

9.6 Critical

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Access Rights Manager Traversal and Information Disclosure VulnerabilityCVE-2024-28992

7.6 High

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Access Rights Manager Directory Traversal Remote Code Execution VulnerabilityCVE-2024-23466

9.6 Critical

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Access Rights Manager Traversal and Information Disclosure VulnerabilityCVE-2024-23475

9.6 Critical

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Access Rights Manager Traversal and Information Disclosure VulnerabilityCVE-2024-23468

7.6 High

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Access Rights Manager Traversal and Information Disclosure VulnerabilityCVE-2024-28993

7.6 High

07/17/2024SolarWinds Access Rights Manager (ARM) 2024.3
SolarWinds Serv-U Local File Disclosure Directory Transversal VulnerabilityCVE-2024-28995

8.6 High

06/05/202406/21/2024SolarWinds Serv-U 15.4.2 HF 2
SolarWinds Platform SWQL Injection VulnerabilityCVE-2024-28996

7.5 High

06/04/202406/04/2024SolarWinds Platform 2024.2
SolarWinds Platform Race Condition Vulnerability (CVE-2024-28999)CVE-2024-28999

6.4 High

06/04/202406/04/2024SolarWinds Platform 2024.2
SolarWinds Platform Stored XSS VulnerabilityCVE-2024-29004

7.1 High

06/04/202406/04/2024SolarWinds Platform 2024.2
SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass VulnerabilityCVE-2024-23473

8.6 High

05/09/2024SolarWinds Access Rights Manager (ARM)
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution VulnerabilityCVE-2024-28075

9.0 Critical

05/09/202405/09/2024SolarWinds ARM 2023.2.4
Arbitrary File Overwrite VulnerabilityCVE-2024-28072

5.7 Medium

05/03/2024Serv-U 15.4.2 Hotfix 1
SolarWinds Platform SWQL Injection VulnerabilityCVE-2024-29001

7.5 High

04/18/202404/18/2024SolarWinds Platform 2024.1 SR 1
SolarWinds Platform Cross Site Scripting VulnerabilityCVE-2024-29003

7.5 High

04/18/202404/18/2024SolarWinds Platform 2024.1 SR 1
SolarWinds Platform Arbitrary Open Redirection VulnerabilityCVE-2024-28076

7.0 High

04/18/202404/18/2024SolarWinds Platform 2024.1 SR 1
SolarWinds Platform Reflected XSS VulnerabilityCVE-2024-29000

7.9 High

04/18/202405/20/2024SolarWinds Platform 2024.1 SR 1
SolarWinds Serv-U Directory Traversal Remote Code Execution VulnerabilityCVE-2024-28073

8.4 High

04/17/202404/17/2024SolarWinds Serv-U 15.4.2
Dameware Remote Everywhere Fake Login Site Created to Steal User Credentials.CVE-DRE-Advisory

5.0 Medium

04/10/2024
SolarWinds SEM Deserialization of Untrusted Data Remote Code Execution VulnerabilityCVE-2024-0692

8.8 High

03/01/202403/01/2024SolarWinds SEM 2023.4.1 SR
SQL Injection Remote Code Execution VulnerabilityCVE-2023-35188

8.0 High

02/06/202402/06/2024SolarWinds Platform 2024.1
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution VulnerabilityCVE-2023-40057

9.0 Critical

02/06/202402/06/2024SolarWinds Access Rights Manager (ARM) 2023.2.3
SQL Injection Remote Code Execution VulnerabilityCVE-2023-50395

8.0 High

02/06/202402/06/2024SolarWinds Platform 2024.1
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution VulnerabilityCVE-2024-23476

9.6 Critical

02/06/202402/06/2024SolarWinds Access Rights Manager (ARM) 2023.2.3
SolarWinds Access Rights Manager (ARM) Traversal Remote Code Execution VulnerabilityCVE-2024-23477

7.9 High

02/06/202402/06/2024SolarWinds Access Rights Manager (ARM) 2023.2.3
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution VulnerabilityCVE-2024-23478

8.0 High

02/06/202402/06/2024SolarWinds Access Rights Manager (ARM) 2023.2.3
SolarWinds Access Rights Manager (ARM) Traversal Remote Code Execution VulnerabilityCVE-2024-23479

9.6 Critical

02/06/202402/06/2024SolarWinds Access Rights Manager (ARM) 2023.2.3
Sensitive Data Disclosure VulnerabilityCVE-2023-40058

7.6 High

12/20/202312/20/2023Access Rights Manager (ARM) 2023.2.2
SSH Terrapin Prefix Truncation WeaknessCVE-2023-48795

5.9 Medium

12/18/202301/29/2024
HTML Injection Vulnerability on Serv-U 15.4CVE-2023-40053

4.6 Medium

12/05/202312/05/2023Serv-U 15.4.1
SQL Injection Remote Code Execution VulnerabilityCVE-2023-40056

8.0 High

11/28/2023SolarWinds Platform 2023.4.2
Directory Traversal Remote Code Execution VulnerabilityCVE-2023-40054

8.0 High

11/01/2023Network Configuration Manager 2023.4.1
Directory Traversal Remote Code Execution VulnerabilityCVE-2023-40055

8.0 High

11/01/2023Network Configuration Manager 2023.4.1
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution VulnerabilityCVE-2023-40062

8.0 High

11/01/2023SolarWinds Platform 2023.4
Directory Traversal Remote Code Execution VulnerabilityCVE-2023-33227

8.0 High

11/01/202311/01/2023Network Configuration Manager 2023.4
Directory Traversal Remote Code Execution VulnerabilityCVE-2023-33226

8.0 High

11/01/2023Network Configuration Manager 2023.4
Insecure Job Execution Mechanism VulnerabilityCVE-2023-40061

7.1 High

11/01/2023SolarWinds Platform 2023.4
Sensitive Information Disclosure VulnerabilityCVE-2023-33228

4.5 Medium

11/01/2023Network Configuration Manager 2023.4
Apache ActiveMQ VulnerabilityCVE-2023-46604

10.0 Critical

10/27/202310/28/2023
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation VulnerabilityCVE-2023-35181

7.8 High

10/18/202310/18/2023SolarWinds ARM 2023.2.1
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution VulnerabilityCVE-2023-35182

8.8 High

10/18/202310/18/2023SolarWinds ARM 2023.2.1
SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution VulnerabilityCVE-2023- 35185

8.8 High

10/18/202310/18/2023SolarWinds ARM 2023.2.1
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution VulnerabilityCVE-2023-35186

8.0 High

10/18/202310/18/2023SolarWinds ARM 2023.2.1
SolarWinds Access Rights Manager Directory Traversal Remote Code Execution VulnerabilityCVE-2023-35187

8.8 High

10/18/202310/18/2023SolarWinds ARM 2023.2.1
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation VulnerabilityCVE-2023-35183

7.8 High

10/18/202310/18/2023SolarWinds ARM 2023.2.1
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution VulnerabilityCVE-2023-35184

8.8 High

10/18/202310/18/2023SolarWinds ARM 2023.2.1
SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution VulnerabilityCVE-2023-35180

8.0 High

10/18/202310/18/2023SolarWinds ARM 2023.2.1
Recommendations for SolarWinds productsCVE-2023-44487

7.5 High

10/10/202310/20/2023
MFA/2FA Bypass Vulnerability in Serv-U 15.4: Serv-U 15.4 and 15.4 HF1CVE-2023-40060

6.6 Medium

08/30/202308/30/2023Serv-U 15.4 HF2
MFA/2FA Bypass Vulnerability in Serv-U 15.4CVE-2023-35179

6.6 Medium

08/04/202308/04/2023Serv-U 15.4 HF1
SolarWinds Network Configuration Manager Directory Traversal VulnerabilityCVE-2023-23842

6.8 Medium

07/18/202307/18/2023Network Configuration Manager 2023.3
SolarWinds Platform Incorrect Comparison VulnerabilityCVE-2023-23843

6.8 Medium

07/18/202307/18/2023SolarWinds Platform 2023.3
SolarWinds Platform Exposed Dangerous Method VulnerabilityCVE-2023-23845

6.8 Medium

07/18/202307/18/2023SolarWinds Platform 2023.3.1
SolarWinds Platform Deserialization of Untrusted Data VulnerabilityCVE-2023-33225

6.8 Medium

07/18/202307/18/2023SolarWinds Platform 2023.3
SolarWinds Platform Incorrect Input Neutralization VulnerabilityCVE-2023-33229

3.1 Low

07/18/202307/18/2023SolarWinds Platform 2023.3
SolarWinds Platform Exposed Dangerous Method VulnerabilityCVE-2023-23840

6.8 Medium

07/18/202307/18/2023SolarWinds Platform 2023.3.1
SolarWinds Platform Incomplete List of Disallowed Inputs VulnerabilityCVE-2023-23844

6.8 Medium

07/18/202307/18/2023SolarWinds Platform 2023.3
SolarWinds Platform Incorrect Behavior Order VulnerabilityCVE-2023-33224

6.8 Medium

07/18/202307/18/2023SolarWinds Platform 2023.3
SolarWinds Platform Access Control Bypass VulnerabilityCVE-2023-3622

4.6 Medium

07/18/202307/18/2023SolarWinds Platform 2023.3
Cross-Site Scripting VulnerabilityCVE-2023-33231

5.4 Medium

07/18/202307/18/2023Database Performance Analyzer(DPA) 2023.2.100
SolarWinds Serv-U Exposure of Sensitive Information VulnerabilityCVE-2023-23841

4.8 Medium

05/17/202305/17/2023Serv-U 15.4
SolarWinds Platform Exposure of Sensitive Information VulnerabilityCVE-2023-23839

6.8 Medium

04/20/202304/20/2023SolarWinds Platform 2023.2
Directory traversal and file enumeration vulnerabilityCVE-2023-23838

4.0

Medium

04/18/202304/18/2023Database Performance Analyzer (DPA) 2023.2
No Exception Handling VulnerabilityCVE-2023-23837

4.3 Medium

04/18/202304/18/2023Database Performance Analyzer (DPA) 2023.2
SolarWinds Platform Command Injection VulnerabilityCVE-2022-36963

8.8 High

04/18/202304/18/2023SolarWinds Platform 2023.2
SolarWinds Platform Incorrect Input Neutralization VulnerabilityCVE-2022-47509

4.3 Medium

04/18/202304/18/2023SolarWinds Platform 2023.2
SolarWinds Platform Local Privilege Escalation VulnerabilityCVE-2022-47505

7.8 High

04/18/202304/18/2023SolarWinds Platform 2023.2
Disable NTLM: SAM 2022.4CVE-2022-47508

7.5 High

02/15/202302/15/2023SolarWinds Observability Self-Hosted 2023.1
SolarWinds Platform Deserialization of Untrusted Data VulnerabilityCVE-2022-47503

8.8 High

02/15/202302/15/2023SolarWinds Platform 2023.1
SolarWinds Platform Deserialization of Untrusted Data VulnerabilityCVE-2022-47504

8.8 High

02/15/202302/15/2023SolarWinds Platform 2023.1
SolarWinds Platform Deserialization of Untrusted Data VulnerabilityCVE-2022-47507

8.8 High

02/15/202302/15/2023SolarWinds Platform 2023.1
SolarWinds Platform Deserialization of Untrusted Data VulnerabilityCVE-2023-23836

8.8 High

02/15/202302/15/2023SolarWinds Platform 2023.1
SolarWinds Platform Directory TraversalCVE-2022-47506

8.8 High

02/15/202302/15/2023SolarWinds Platform 2023.1
SolarWinds Platform Deserialization of Untrusted Data VulnerabilityCVE-2022-38111

7.2 Medium

02/15/202302/15/2023SolarWinds Platform 2023.1
Reflected Cross-Site Scripting VulnerabilityCVE-2022-38110

6.3 Medium

01/18/2023Database Performance Analyzer 2023.1
Sensitive Information Disclosure VulnerabilityCVE-2022-38112

6.3 Medium

01/18/2023Database Performance Analyzer 2023.1
Sensitive Data Disclosure VulnerabilityCVE-2022-47512

6.0 Medium

12/16/2022SolarWinds Observability Self-Hosted / SolarWinds Platform 2022.4.1
Common Key Vulnerability in Serv-U FTP ServerCVE-2021-35252

6.5 Medium

12/15/2022Serv-U 15.3.2
Cross-Site Scripting Vulnerability in Serv-U Web ClientCVE-2022-38106

7.5 High

12/15/2022Serv-U 15.3.2
Client-Side Desync VulnerabilityCVE-2022-38114

3.7 Low

11/22/202211/22/2022SEM 2022.4
Information Disclosure VulnerabilityCVE-2022-38113

3.1 Low

11/22/202211/22/2022SEM 2022.4
Insecure Methods VulnerabilityCVE-2022-38115

3.1 Low

11/22/202211/22/2022SEM 2022.4
SolarWinds Platform Command InjectionCVE-2022-36962

7.2 High

11/22/2022SolarWinds Platform 2022.4
SolarWinds Platform Deserialization of Untrusted DataCVE-2022-36964

8.8 High

11/22/2022SolarWinds Platform 2022.4
SolarWinds Platform Improper Input ValidationCVE-2022-36960

8.8 High

11/22/2022SolarWinds Platform 2022.4
Unprotected Transport of Credentials (HSTS) VulnerabilityCVE-2021-35246

5.3 Medium

11/22/2022Engineer’s Toolset 2022.4 Desktop
OpenSSL buffer overflows in punycode decoding functionsCVE-2022-3602 CVE-2022-3786

7.5 High

7.5 High

11/01/202211/10/2022OpenSSL 3.0.7
Apache Commons Text4Shell VulnerabilityCVE-2022-42889

9.8 Critical

10/26/202210/27/2022
Insecure Direct Object Reference Vulnerability: SolarWinds Platform 2022.3CVE-2022-36966

5.9 Medium

10/19/2022SolarWinds Platform 2022.4 RC1
SolarWinds Platform Deserialization of Untrusted DataCVE-2022-36957

7.2 High

10/19/2022SolarWinds Platform 2022.4 RC1
SolarWinds Platform Deserialization of Untrusted DataCVE-2022-36958

8.8 High

10/19/2022SolarWinds Platform 2022.4 RC1
SolarWinds Platform Deserialization of Untrusted DataCVE-2022-38108

7.2 High

10/19/2022SolarWinds Platform 2022.4 RC1
Sensitive Data Disclosure VulnerabilityCVE-2022-38107

4.3 Medium

10/18/202210/18/2022SQL Sentry 2022.4
Hashed Credential Exposure VulnerabilityCVE-2021-35226

2.7 Low

09/28/2022Hybrid Cloud Observability 2022.3
SQL Injection in Orion PlatformCVE-2022-36961

8.0 High

09/28/2022SolarWinds Platform 2022.3
Stored and DOM XSS in QoE Applications: Orion PlatformCVE-2022-36965

7.1 High

09/28/2022SolarWinds Platform 2022.3
Domain Admin Broken Access ControlCVE-2021-35249

4.3 Medium

05/17/2022Serv-U 15.3.1
Cross-Site Scripting Vulnerability using SQL QueryCVE-2021-35229

6.8 High

04/19/2022DPA 2022.2
0-day Vulnerabilities in SpringCVE-2022-22963 CVE-2022-22965

N/A

03/31/202204/11/202200.000
Authenticated Remote Code Execution in Web Help Desk 12.7.8CVE-2021-35254

8.2 High

03/24/202203/24/2022Web Help Desk 12.7.8 HF1
Directory Transversal Vulnerability in Serv-U 15.3CVE-2021-35250

7.5 High

03/02/202203/02/2022Serv-U 15.3 HF 1
Sensitive Data Disclosure VulnerabilityCVE-2021-35251

5.3 Medium

02/15/202202/15/2022WHD 12.7.8
Improper Input Validation Vulnerability in Serv-UCVE-2021-35247

4.3 Medium

01/18/202201/18/2022Serv-U 15.3
HTTP PUT & DELETE Methods EnabledCVE-2021-35243

5.3 Medium

12/24/2021Web Help Desk 12.7.7 HF1
Exposed Dangerous Functions - Privileged EscalationCVE-2021-35234

8.0 High

12/20/2021Orion Platform 2020.2.6 HF3
Unrestricted access to Orion.UserSettings SWIS entity for low-privilege usersCVE-2021-35248

6.8 Medium

12/20/2021Orion 2020.2.6 HF3
Unrestricted File Upload Causing Remote Code Execution: Orion 2020.2.6CVE-2021-35244

6.8 High

12/20/2021Orion 2020.2.6 HF3
JMSAppender Associated with Log4j VulnerabilityCVE-2021-4104

8.1 High

12/17/202112/17/2021
JNDI Lookup Functionality Associated with Log4j VulnerabilityCVE-2021-45046

9.0 Critical

12/14/202112/23/2021
Apache Log4j Critical VulnerabilityCVE-2021-44228

10.0 Critical

12/12/202101/14/2022
A valid CSRF token is present in response to an invalid requestCVE-2021-35242

8.3 High

12/03/202112/03/2021Serv-U 15.2.5
Broken Access Control Vulnerability for Serv-UCVE-2021-35245

8.4 High

12/02/202112/02/2021Serv-U 15.2.5
ASP.NET Debug Feature Enabled VulnerabilityCVE-2021-35235

5.3 Medium

10/19/2021Kiwi Syslog Server 9.8
Clickjacking VulnerabilityCVE-2021-35237

5.0 Medium

10/19/2021Kiwi Syslog Server 9.8
HTTP TRACK and TRACK Methods Enabled VulnerabilityCVE-2021-35233

5.3 Medium

10/19/2021Kiwi Syslog Server 9.8
Insecure Web Header Vulnerability - RabbitMQLoginCVE-2021-35227

4.7 Medium

10/19/2021ARM 2021.4
Missing Secure Flag from SSL Cookie VulnerabilityCVE-2021-35236

3.1 Low

10/19/2021Kiwi Syslog Server 9.8
NPM Netpath Horizontal Privilege Escalation VulnerabilityCVE-2021-35225

5.0 Medium

10/19/2021NPM 2020.2.6 HF2
Reflected Cross Site Scripting affecting SolarWinds: DPA 2021.3.7388CVE-2021-35228

5.5 Medium

10/19/2021DPA 2021.3.7438
Unquoted Path Vulnerability - SMB LoginCVE-2021-35231

6.7 Medium

10/19/2021Kiwi Syslog Server 9.8
Unquoted Path Vulnerability (SMB Login) with Kiwi CatToolsCVE-2021-35230

6.7 Medium

10/19/2021Kiwi CatTools 3.12
Critical bug in SolarWinds Web Help Desk allows an attacker to execute Arbitrary Hibernate QueriesCVE-2021-35232

6.8 Medium

09/13/2021Web Help Desk 12.7.7 Hotfix 1
Pingdom Session Management VulnerabilityCVE-2021-35214

4.8 Medium

09/13/2021Pingdom
Access Restriction Bypass Via Referrer Spoof - Business Logic Bypass VulnerabilityCVE-2021-32076

5.8 Medium

08/20/2021Web Help Desk 12.7.6
Execute Command Function Allows RCE VulnerabilityCVE-2021-35223

8.5 High

08/20/2021Serv-U 15.2.4
Insecure Deserialization Of Untrusted Data Causing Remote Code Execution VulnerabilityCVE-2021-35217

8.9 High

08/20/2021Patch Manager 2020.2.6 HF1
Stored XSS Through URL POST Parameter In CreateExternalWebsite VulnerabilityCVE-2021-35238

7.1 High

07/20/202108/24/2021Orion Platform 2020.2.6 HF1
Stored XSS Via Help Server Setting VulnerabilityCVE-2021-35240

6.5 High

07/20/202108/24/2021Orion Platform 2020.2.6 HF1
Stored XSS Via Maps Text Box Hyperlink VulnerabilityCVE-2021-35239

7.5 High

07/20/202108/24/2021Orion Platform 2020.2.6 HF1
ActionPluginBaseView Deserialization of Untrusted Data RCE VulnerabilityCVE-2021-35215

8.9 High

07/15/2021Orion Platform 2020.2.6
Blind SQL Injection VulnerabilityCVE-2021-35212

8.9 High

07/15/2021Orion Platform 2020.2.5 HF1, 2020.2.6, 2019.4.2, 2019.2 HF4
Chart Endpoint Deserialization of Untrusted Data RCE VulnerabilityCVE-2021-35218

8.9 High

07/15/2021Patch Manager 2020.2.6
EmailWebPage Command Injection Remote Code Execution VulnerabilityCVE-2021-35220

8.1 High

07/15/202108/24/2021Orion Platform 2020.2.6 HF1
ExportToPdfCmd Arbitrary File Read Information Disclosure VulnerabilityCVE-2021-35219

6.0 Medium

07/15/202108/24/2021Orion Platform 2020.2.6 HF1
ImportAlert Improper Access Control Tampering VulnerabilityCVE-2021-35221

6.3 Medium

07/15/202108/24/2021Orion Platform 2020.2.6 HF 1
Insecure Deserialization Of Untrusted Data Causing Remote Code Execution VulnerabilityCVE-2021-35216

8.9 High

07/15/2021Patch Manager 2020.2.6
Orion User setting Improper Access Control Privilege Escalation VulnerabilityCVE-2021-35213

8.9 High

07/15/2021Orion Platform 2020.2.6
Privilege Escalation VulnerabilityCVE-2021-31217

6.5 Medium

07/15/2021Dameware 12.2
Resource.aspx Reflected Cross-Site Scripting VulnerabilityCVE-2021-35222

8.0 High

07/15/202108/24/2021Orion Platform 2020.2.6 HF1
Serv-U Remote Memory Escape VulnerabilityCVE-2021-35211

9.0 Critical

07/09/202107/15/2021Serv-U 15.2.3 HF2
Broken Access Control On Node Management VulnerabilityCVE-2021-28674

4.6 Medium

05/13/2021Orion Platform 2020.2.6, 2020.2.5 HF1
SenderEmail Parameter XSS VulnerabilityCVE-2021-32604

6.9 Medium

05/05/2021Serv-U 15.2.3
Deserialization of Untrusted Data Privilege Escalation VulnerabilityCVE-2021-27277

8.8 High

03/25/202104/14/2021SAM 2020.2.5
RCE via Actions and JSON Deserialization VulnerabilityCVE-2021-31474

9.1 Critical

03/25/2021Orion Platform 2020.2.5
Reverse Tabnabbing and Open Redirect VulnerabilityCVE-2021-3109

4.3 Medium

03/25/2021Orion Platform 2020.2.5
SaveUserSetting Improper Access Control Privilege Escalation VulnerabilityCVE-2021-27258

8.9 High

03/25/2021Orion Platform 2020.2.4
SolarWinds Orion Job Scheduler Remote Code Execution VulnerabilityCVE-2021-31475

8.8 High

03/25/2021Orion Platform 2020.2.5
MSMQ Remote Code Execution VulnerabilityCVE-2021-25274

8.3 High

02/05/2021Orion Platform 2020.2.4, 2019.4.2, 2019.2 HF4
Unprivileged Users can get DBO owner Access VulnerabilityCVE-2021-25275

8.2 High

02/05/2021Web Help Desk 12.7.7 HF1
Windows "Users" Directory Weak ACLs VulnerabilityCVE-2021-25276

8.8 High

01/18/202102/04/2021Serv-U 15.2.2 HF 1
Deserialization of Untrusted Data Privilege Escalation VulnerabilityCVE-2021-27240

8.7 High

12/15/2020Patch Manager 2020.2.1 HF 1
Heap Memory Corruption With RSA Private Key OperationCVE-2022-2274

9.8 Critical

SolarWinds Service Desk Broken Access Control VulnerabilityCVE-2025-26393

5.4 Medium

SolarWinds Service Desk