Filtered by vendor Solarwinds
Subscriptions
Total
292 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26400 | 1 Solarwinds | 1 Web Help Desk | 2025-07-30 | 5.3 Medium |
| SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files. | ||||
| CVE-2016-3643 | 1 Solarwinds | 1 Virtualization Manager | 2025-07-30 | 7.8 High |
| SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." | ||||
| CVE-2020-10148 | 1 Solarwinds | 1 Orion Platform | 2025-07-30 | 9.8 Critical |
| The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. | ||||
| CVE-2021-35211 | 1 Solarwinds | 1 Serv-u | 2025-07-30 | 9 Critical |
| Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability. | ||||
| CVE-2021-35247 | 1 Solarwinds | 1 Serv-u | 2025-07-30 | 4.3 Medium |
| Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U. | ||||
| CVE-2024-28995 | 1 Solarwinds | 1 Serv-u | 2025-07-30 | 8.6 High |
| SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. | ||||
| CVE-2024-28986 | 1 Solarwinds | 2 Web Help Desk, Webhelpdesk | 2025-07-30 | 9.8 Critical |
| SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. | ||||
| CVE-2024-28987 | 1 Solarwinds | 2 Web Help Desk, Webhelpdesk | 2025-07-30 | 9.1 Critical |
| The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. | ||||
| CVE-2023-33225 | 1 Solarwinds | 1 Solarwinds Platform | 2025-07-09 | 7.2 High |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | ||||
| CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2025-06-13 | 8 High |
| SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | ||||
| CVE-2022-36965 | 1 Solarwinds | 1 Solarwinds Platform | 2025-05-20 | 6.1 Medium |
| Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). | ||||
| CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2025-05-20 | 8.8 High |
| A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | ||||
| CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2025-05-15 | 8 High |
| SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | ||||
| CVE-2022-38107 | 1 Solarwinds | 1 Sql Sentry | 2025-05-08 | 5.3 Medium |
| Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. | ||||
| CVE-2022-38108 | 1 Solarwinds | 1 Orion Platform | 2025-05-08 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-36958 | 1 Solarwinds | 1 Orion Platform | 2025-05-08 | 8.8 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-36966 | 1 Solarwinds | 1 Orion Platform | 2025-05-07 | 5.4 Medium |
| Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | ||||
| CVE-2022-36957 | 1 Solarwinds | 1 Orion Platform | 2025-05-05 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-38113 | 1 Solarwinds | 1 Security Event Manager | 2025-04-25 | 5.3 Medium |
| This vulnerability discloses build and services versions in the server response header. | ||||
| CVE-2022-38114 | 1 Solarwinds | 1 Security Event Manager | 2025-04-25 | 6.1 Medium |
| This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. | ||||