Sensitive Data Disclosure Vulnerability | CVE-2023-40058 | 7.6 High | 12/20/2023 | 12/20/2023 | Access Rights Manager (ARM) 2023.2.2 |
HTML Injection Vulnerability on Serv-U 15.4 | CVE-2023-40053 | 4.6 Medium | 12/05/2023 | 12/05/2023 | Serv-U 15.4.1 |
SQL Injection Remote Code Execution Vulnerability | CVE-2023-40056 | 8.0 High | 11/28/2023 | | SolarWinds Platform 2023.4.2 |
Directory Traversal Remote Code Execution Vulnerability | CVE-2023-40055 | 8.0 High | 11/01/2023 | | Network Configuration Manager 2023.4.1
|
Directory Traversal Remote Code Execution Vulnerability | CVE-2023-40054 | 8.0 High | 11/01/2023 | | Network Configuration Manager 2023.4.1 |
Directory Traversal Remote Code Execution Vulnerability | CVE-2023-33226 | 8.0 High | 11/01/2023 | | Network Configuration Manager 2023.4 |
Sensitive Information Disclosure Vulnerability | CVE-2023-33228 | 4.5 Medium | 11/01/2023 | | Network Configuration Manager 2023.4 |
Directory Traversal Remote Code Execution Vulnerability | CVE-2023-33227 | 8.0 High | 11/01/2023 | 11/01/2023 | Network Configuration Manager 2023.4 |
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability | CVE-2023-40062 | 8.0 High | 11/01/2023 | | SolarWinds Platform 2023.4 |
Insecure Job Execution Mechanism Vulnerability | CVE-2023-40061 | 7.1 High | 11/01/2023 | | SolarWinds Platform 2023.4 |
Apache ActiveMQ Vulnerability | CVE-2023-46604 | 10.0 Critical | 10/27/2023 | 10/28/2023 | |
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | CVE-2023-35181 | 7.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1
|
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35184 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35180 | 8.0 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | CVE-2023-35187 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability | CVE-2023-35185 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | CVE-2023-35183 | 7.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35182 | 8.8 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | CVE-2023-35186 | 8.0 High | 10/18/2023 | 10/18/2023 | SolarWinds ARM 2023.2.1 |
Recommendations for SolarWinds products | CVE-2023-44487 | 7.5 High | 10/10/2023 | 10/20/2023 | |
MFA/2FA Bypass Vulnerability in Serv-U 15.4: Serv-U 15.4 and 15.4 HF1 | CVE-2023-40060 | 6.6 Medium | 08/30/2023 | 08/30/2023 | Serv-U 15.4 HF2 |
MFA/2FA Bypass Vulnerability in Serv-U 15.4 | CVE-2023-35179 | 6.6 Medium | 08/04/2023 | 08/04/2023 | Serv-U 15.4 HF1 |
SolarWinds Platform Exposed Dangerous Method Vulnerability | CVE-2023-23845 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3.1 |
SolarWinds Platform Exposed Dangerous Method Vulnerability | CVE-2023-23840 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3.1 |
SolarWinds Platform Access Control Bypass Vulnerability | CVE-2023-3622 | 4.6 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
SolarWinds Platform Incorrect Behavior Order Vulnerability | CVE-2023-33224 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
SolarWinds Platform Incorrect Input Neutralization Vulnerability | CVE-2023-33229 | 3.1 Low | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2023-33225 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability | CVE-2023-23844 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
SolarWinds Network Configuration Manager Directory Traversal Vulnerability | CVE-2023-23842 | 6.8 Medium | 07/18/2023 | 07/18/2023 | Network Configuration Manager 2023.3 |
SolarWinds Platform Incorrect Comparison Vulnerability | CVE-2023-23843 | 6.8 Medium | 07/18/2023 | 07/18/2023 | SolarWinds Platform 2023.3 |
Cross-Site Scripting Vulnerability | CVE-2023-33231 | 5.4 Medium | 07/18/2023 | 07/18/2023 | Database Performance Analyzer(DPA) 2023.2.100 |
SolarWinds Serv-U Exposure of Sensitive Information Vulnerability | CVE-2023-23841 | 4.8 Medium | 05/17/2023 | 05/17/2023 | Serv-U 15.4 |
SolarWinds Platform Exposure of Sensitive Information Vulnerability | CVE-2023-23839 | 6.8 Medium | 04/20/2023 | 04/20/2023 | SolarWinds Platform 2023.2 |
No Exception Handling Vulnerability | CVE-2023-23837 | 4.3 Medium | 04/18/2023 | 04/18/2023 | Database Performance Analyzer (DPA) 2023.2 |
Directory traversal and file enumeration vulnerability | CVE-2023-23838 | 4.0 Medium | 04/18/2023 | 04/18/2023 | Database Performance Analyzer (DPA) 2023.2 |
SolarWinds Platform Command Injection Vulnerability | CVE-2022-36963 | 8.8 High | 04/18/2023 | 04/18/2023 | SolarWinds Platform 2023.2 |
SolarWinds Platform Incorrect Input Neutralization Vulnerability | CVE-2022-47509 | 4.3 Medium | 04/18/2023 | 04/18/2023 | SolarWinds Platform 2023.2 |
SolarWinds Platform Local Privilege Escalation Vulnerability | CVE-2022-47505 | 7.8 High | 04/18/2023 | 04/18/2023 | SolarWinds Platform 2023.2 |
SolarWinds Platform Directory Traversal | CVE-2022-47506 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-47503 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2023-23836 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
Disable NTLM: SAM 2022.4 | CVE-2022-47508 | 7.5 High | 02/15/2023 | 02/15/2023 | Hybrid Cloud Observability 2023.1 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-47507 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-47504 | 8.8 High | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
SolarWinds Platform Deserialization of Untrusted Data Vulnerability | CVE-2022-38111 | 7.2 Medium | 02/15/2023 | 02/15/2023 | SolarWinds Platform 2023.1 |
Reflected Cross-Site Scripting Vulnerability | CVE-2022-38110 | 6.3 Medium | 01/18/2023 | | Database Performance Analyzer 2023.1 |
Sensitive Information Disclosure Vulnerability | CVE-2022-38112 | 6.3 Medium | 01/18/2023 | | Database Performance Analyzer 2023.1 |
Sensitive Data Disclosure Vulnerability | CVE-2022-47512 | 6.0 Medium | 12/16/2022 | | Hybrid Cloud Observability / SolarWinds Platform 2022.4.1 |
Cross-Site Scripting Vulnerability in Serv-U Web Client | CVE-2022-38106 | 7.5 High | 12/15/2022 | | Serv-U 15.3.2 |
Common Key Vulnerability in Serv-U FTP Server | CVE-2021-35252 | 6.5 Medium | 12/15/2022 | | Serv-U 15.3.2 |
Insecure Methods Vulnerability | CVE-2022-38115 | 3.1 Low | 11/22/2022 | 11/22/2022 | SEM 2022.4 |
Client-Side Desync Vulnerability | CVE-2022-38114 | 3.7 Low | 11/22/2022 | 11/22/2022 | SEM 2022.4 |
Information Disclosure Vulnerability | CVE-2022-38113 | 3.1 Low | 11/22/2022 | 11/22/2022 | SEM 2022.4 |
SolarWinds Platform Command Injection | CVE-2022-36962 | 7.2 High | 11/22/2022 | | SolarWinds Platform 2022.4 |
SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-36964 | 8.8 High | 11/22/2022 | | SolarWinds Platform 2022.4 |
Unprotected Transport of Credentials (HSTS) Vulnerability | CVE-2021-35246 | 5.3 Medium | 11/22/2022 | | Engineer’s Toolset 2022.4 Desktop |
SolarWinds Platform Improper Input Validation | CVE-2022-36960 | 8.8 High | 11/22/2022 | | SolarWinds Platform 2022.4 |
OpenSSL buffer overflows in punycode decoding functions | CVE-2022-3602 CVE-2022-3786 | 7.5 High 7.5 High | 11/01/2022 | 11/10/2022 | OpenSSL 3.0.7 |
Apache Commons Text4Shell Vulnerability | CVE-2022-42889 | 9.8 Critical | 10/26/2022 | 10/27/2022 | |
SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-38108 | 7.2 High | 10/19/2022 | | SolarWinds Platform 2022.4 RC1 |
Insecure Direct Object Reference Vulnerability: SolarWinds Platform 2022.3 | CVE-2022-36966 | 5.9 Medium | 10/19/2022 | | SolarWinds
Platform 2022.4 RC1 |
SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-36958 | 8.8 High | 10/19/2022 | | SolarWinds Platform 2022.4 RC1 |
SolarWinds Platform Deserialization of Untrusted Data | CVE-2022-36957 | 7.2 High | 10/19/2022 | | SolarWinds
Platform 2022.4 RC1 |
Sensitive Data Disclosure Vulnerability | CVE-2022-38107 | 4.3 Medium | 10/18/2022 | 10/18/2022 | SQL Sentry 2022.4 |
Stored and DOM XSS in QoE Applications: Orion Platform | CVE-2022-36965 | 7.1 High | 09/28/2022 | | SolarWinds Platform 2022.3 |
SQL Injection in Orion Platform | CVE-2022-36961 | 8.0 High | 09/28/2022 | |
SolarWinds Platform 2022.3 |
Hashed Credential Exposure Vulnerability | CVE-2021-35226 | 2.7 Low | 09/28/2022 | | Hybrid Cloud
Observability 2022.3 |
Domain Admin Broken Access Control | CVE-2021-35249 | 4.3 Medium | 05/17/2022 | | Serv-U 15.3.1 |
Cross-Site Scripting Vulnerability using SQL Query | CVE-2021-35229 | 6.8 High | 04/19/2022 | | DPA 2022.2 |
0-day Vulnerabilities in Spring | CVE-2022-22963 CVE-2022-22965 | N/A | 03/31/2022 | 04/11/2022 | 00.000 |
Authenticated Remote Code Execution in Web Help Desk 12.7.8 | CVE-2021-35254 | 8.2 High | 03/24/2022 | 03/24/2022 | Web Help Desk 12.7.8 HF1 |
Directory Transversal Vulnerability in Serv-U 15.3 | CVE-2021-35250 | 7.5 High | 03/02/2022 | 03/02/2022 | Serv-U 15.3 HF 1 |
Sensitive Data Disclosure Vulnerability | CVE-2021-35251 | 5.3 Medium | 02/15/2022 | 02/15/2022 | WHD 12.7.8 |
Improper Input Validation Vulnerability in Serv-U | CVE-2021-35247 | 4.3 Medium | 01/18/2022 | 01/18/2022 | Serv-U 15.3 |
HTTP PUT & DELETE Methods Enabled | CVE-2021-35243 | 5.3 Medium | 12/24/2021 | | Web Help Desk 12.7.7 HF1 |
Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users | CVE-2021-35248 | 6.8 Medium | 12/20/2021 | | Orion 2020.2.6 HF3 |
Unrestricted File Upload Causing Remote Code Execution: Orion 2020.2.6 | CVE-2021-35244 | 6.8 High | 12/20/2021 | | Orion 2020.2.6 HF3 |
Exposed Dangerous Functions - Privileged Escalation | CVE-2021-35234 | 8.0 High | 12/20/2021 | | Orion Platform 2020.2.6 HF3 |
JMSAppender Associated with Log4j Vulnerability | CVE-2021-4104 | 8.1 High | 12/17/2021 | 12/17/2021 | |
JNDI Lookup Functionality Associated with Log4j Vulnerability | CVE-2021-45046 | 9.0 Critical | 12/14/2021 | 12/23/2021 | |
Apache Log4j Critical Vulnerability | CVE-2021-44228 | 10.0 Critical | 12/12/2021 | 01/14/2022 | |
A valid CSRF token is present in response to an invalid request | CVE-2021-35242 | 8.3 High | 12/03/2021 | 12/03/2021 | Serv-U 15.2.5 |
Broken Access Control Vulnerability for Serv-U | CVE-2021-35245 | 8.4 High | 12/02/2021 | 12/02/2021 | Serv-U 15.2.5 |
HTTP TRACK and TRACK Methods Enabled Vulnerability | CVE-2021-35233 | 5.3 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
Clickjacking Vulnerability | CVE-2021-35237 | 5.0 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
Missing Secure Flag from SSL Cookie Vulnerability | CVE-2021-35236 | 3.1 Low | 10/19/2021 | | Kiwi Syslog Server 9.8 |
ASP.NET Debug Feature Enabled Vulnerability | CVE-2021-35235 | 5.3 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
Unquoted Path Vulnerability - SMB Login | CVE-2021-35231 | 6.7 Medium | 10/19/2021 | | Kiwi Syslog Server 9.8 |
Unquoted Path Vulnerability (SMB Login) with Kiwi CatTools | CVE-2021-35230 | 6.7 Medium | 10/19/2021 | | Kiwi CatTools 3.12 |
Reflected Cross Site Scripting affecting SolarWinds: DPA 2021.3.7388 | CVE-2021-35228 | 5.5 Medium | 10/19/2021 | | DPA 2021.3.7438 |
Insecure Web Header Vulnerability - RabbitMQLogin | CVE-2021-35227 | 4.7 Medium | 10/19/2021 | | ARM 2021.4 |
NPM Netpath Horizontal Privilege Escalation Vulnerability | CVE-2021-35225 | 5.0 Medium | 10/19/2021 | | NPM 2020.2.6 HF2 |
Critical bug in SolarWinds Web Help Desk allows an attacker to execute Arbitrary Hibernate Queries | CVE-2021-35232 | 6.8 Medium | 09/13/2021 | | Web Help Desk 12.7.7 Hotfix 1 |
Pingdom Session Management Vulnerability | CVE-2021-35214 | 4.8 Medium | 09/13/2021 | | Pingdom |
Execute Command Function Allows RCE Vulnerability | CVE-2021-35223 | 8.5 High | 08/20/2021 | | Serv-U 15.2.4 |
Insecure Deserialization Of Untrusted Data Causing Remote Code Execution Vulnerability | CVE-2021-35217 | 8.9 High | 08/20/2021 | | Patch Manager 2020.2.6 HF1 |
Access Restriction Bypass Via Referrer Spoof - Business Logic Bypass Vulnerability | CVE-2021-32076 | 5.8 Medium | 08/20/2021 | | Web Help Desk 12.7.6 |
Stored XSS Via Help Server Setting Vulnerability | CVE-2021-35240 | 6.5 High | 07/20/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
Stored XSS Via Maps Text Box Hyperlink Vulnerability | CVE-2021-35239 | 7.5 High | 07/20/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
Stored XSS Through URL POST Parameter In CreateExternalWebsite Vulnerability | CVE-2021-35238 | 7.1 High | 07/20/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
ActionPluginBaseView Deserialization of Untrusted Data RCE Vulnerability | CVE-2021-35215 | 8.9 High | 07/15/2021 | | Orion Platform 2020.2.6 |
Resource.aspx Reflected Cross-Site Scripting Vulnerability | CVE-2021-35222 | 8.0 High | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
ImportAlert Improper Access Control Tampering Vulnerability | CVE-2021-35221 | 6.3 Medium | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF 1 |
EmailWebPage Command Injection Remote Code Execution Vulnerability | CVE-2021-35220 | 8.1 High | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability | CVE-2021-35219 | 6.0 Medium | 07/15/2021 | 08/24/2021 | Orion Platform 2020.2.6 HF1 |
Chart Endpoint Deserialization of Untrusted Data RCE Vulnerability | CVE-2021-35218 | 8.9 High | 07/15/2021 | | Patch Manager 2020.2.6 |
Insecure Deserialization Of Untrusted Data Causing Remote Code Execution Vulnerability | CVE-2021-35216 | 8.9 High | 07/15/2021 | | Patch Manager 2020.2.6 |
Orion User setting Improper Access Control Privilege Escalation Vulnerability | CVE-2021-35213 | 8.9 High | 07/15/2021 | | Orion Platform 2020.2.6 |
Blind SQL Injection Vulnerability | CVE-2021-35212 | 8.9 High | 07/15/2021 | | Orion Platform 2020.2.5 HF1, 2020.2.6, 2019.4.2, 2019.2 HF4 |
Privilege Escalation Vulnerability | CVE-2021-31217 | 6.5 Medium | 07/15/2021 | | Dameware 12.2 |
Serv-U Remote Memory Escape Vulnerability | CVE-2021-35211 | 9.0 Critical | 07/09/2021 | 07/15/2021 | Serv-U 15.2.3 HF2 |
Broken Access Control On Node Management Vulnerability | CVE-2021-28674 | 4.6 Medium | 05/13/2021 | | Orion Platform 2020.2.6, 2020.2.5 HF1 |
SenderEmail Parameter XSS Vulnerability | CVE-2021-32604 | 6.9 Medium | 05/05/2021 | | Serv-U 15.2.3 |
SolarWinds Orion Job Scheduler Remote Code Execution Vulnerability | CVE-2021-31475 | 8.8 High | 03/25/2021 | | Orion Platform 2020.2.5 |
RCE via Actions and JSON Deserialization Vulnerability | CVE-2021-31474 | 9.1 Critical | 03/25/2021 | | Orion Platform 2020.2.5 |
Reverse Tabnabbing and Open Redirect Vulnerability | CVE-2021-3109 | 4.3 Medium | 03/25/2021 | | Orion Platform 2020.2.5 |
Deserialization of Untrusted Data Privilege Escalation Vulnerability | CVE-2021-27277 | 8.8 High | 03/25/2021 | 04/14/2021 | SAM 2020.2.5 |
SaveUserSetting Improper Access Control Privilege Escalation Vulnerability | CVE-2021-27258 | 8.9 High | 03/25/2021 | | Orion Platform 2020.2.4 |
Unprivileged Users can get DBO owner Access Vulnerability | CVE-2021-25275 | 8.2 High | 02/05/2021 | | Web Help Desk 12.7.7 HF1 |
MSMQ Remote Code Execution Vulnerability | CVE-2021-25274 | 8.3 High | 02/05/2021 | | Orion Platform 2020.2.4, 2019.4.2, 2019.2 HF4 |
Windows "Users" Directory Weak ACLs Vulnerability | CVE-2021-25276 | 8.8 High | 01/18/2021 | 02/04/2021 | Serv-U 15.2.2 HF 1 |
Deserialization of Untrusted Data Privilege Escalation Vulnerability | CVE-2021-27240 | 8.7 High | 12/15/2020 | | Patch Manager 2020.2.1 HF 1 |
Heap Memory Corruption With RSA Private Key Operation | CVE-2022-2274 | 9.8 Critical | | | |