solarwinds

320 tracked vulnerabilities.

CVE-2022-38106 MEDIUM
SolarWinds Serv-U 15.3.0-15.3.1 - Cross-Site Scripting in Directory Creation Function
Dec 16, 2022
CVSS 5.4
EPSS 0.05
CVE-2022-36964 HIGH
SolarWinds Orion Platform - Authenticated Remote Code Execution via Untrusted Data Deserialization
Nov 29, 2022
CVSS 8.8
EPSS 0.03
CVE-2022-36962 HIGH
SolarWinds Orion Platform - OS Command Injection
Nov 29, 2022
CVSS 7.2
EPSS 0.02
CVE-2022-36960 HIGH
SolarWinds Orion Platform - Authenticated Privilege Escalation via Improper Input Validation
Nov 29, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-38115 MEDIUM
SolarWinds Security Event Manager < 2022.2 - Insecure HTTP Method Exposure
Nov 23, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-38114 MEDIUM
SolarWinds Security Event Manager - HTTP Request Smuggling and XSS
Nov 23, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-38113 MEDIUM
SolarWinds Security Event Manager - Information Exposure via Server Response Header
Nov 23, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-38108 HIGH
SolarWinds Platform - Code Injection
Oct 20, 2022
CVSS 7.2
EPSS 0.89
CVE-2022-36966 MEDIUM
SolarWinds Orion Platform < 2022.4 - Insecure Direct Object Reference via Node Management URL Parameter
Oct 20, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-36958 HIGH
SolarWinds Orion Platform - Authenticated Remote Code Execution via Untrusted Data Deserialization
Oct 20, 2022
CVSS 8.8
EPSS 0.15
CVE-2022-36957 HIGH
SolarWinds Orion Platform - Authenticated Remote Code Execution via Untrusted Data Deserialization
Oct 20, 2022
CVSS 7.2
EPSS 0.02
CVE-2022-38107 MEDIUM
SolarWinds SQL Sentry < 2021.18.10 - Sensitive Information Disclosure via Error Message
Oct 19, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-36965 MEDIUM
SolarWinds Platform < 2022.3.0 - Stored and DOM-Based Cross-Site Scripting in QoE Application Input Field
Sep 30, 2022
CVSS 6.1
EPSS 0.03
CVE-2022-36961 HIGH
SolarWinds Orion Platform < 2022.2.0 - Authenticated SQL Injection
Sep 30, 2022
CVSS 8.8
EPSS 0.12
CVE-2021-35252 HIGH
Serv-U FTP Server - Info Disclosure
Dec 16, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-35246 MEDIUM
SolarWinds Engineer's Toolset - Cleartext Transmission
Nov 23, 2022
CVSS 5.3
EPSS 0.00
CVE-2021-35226 MEDIUM
Network Configuration Manager - Info Disclosure
Oct 10, 2022
CVSS 6.5
EPSS 0.00
CVE-2021-35249 MEDIUM
SolarWinds Serv-U < 15.3.1 - Unauthorized Domain Data Access via Broken Access Control
May 17, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-35250 HIGH NUCLEI
SolarWinds Serv-U 15.3 - Path Traversal
Apr 25, 2022
CVSS 7.5
EPSS 0.81
CVE-2021-35229 MEDIUM
Database Performance Monitor <2022.1.7779 - XSS
Apr 21, 2022
CVSS 6.8
EPSS 0.01
CVE-2021-35254 HIGH
SolarWinds WebHelpDesk - Improper Input Validation
Mar 25, 2022
CVSS 8.2
EPSS 0.00
CVE-2021-35251 MEDIUM
SolarWinds Web Help Desk < 12.7.8 - Sensitive Information Disclosure via Detailed Error Messages
Mar 10, 2022
CVSS 5.3
EPSS 0.01
CVE-2021-35247 MEDIUM KEV
SolarWinds Serv-U - Info Disclosure
Jan 10, 2022
CVSS 4.3
EPSS 0.05
CVE-2021-35232 MEDIUM
SolarWinds Web Help Desk - Info Disclosure
Dec 27, 2021
CVSS 6.8
EPSS 0.00
CVE-2021-35243 MEDIUM
Web Help Desk <12.7.7 - Info Disclosure
Dec 23, 2021
CVSS 5.3
EPSS 0.01
Products
orion_platform 49 serv-u 39 access_rights_manager 32 solarwinds_platform 27 serv-u_file_server 20 web_help_desk 20 serv-u_ftp_server 11 database_performance_analyzer 10 n-central 9 orion_network_performance_monitor 9 network_performance_monitor 8 observability_self-hosted 8 dameware_mini_remote_control 7 network_configuration_manager 7 tftp_server 6 webhelpdesk 6 kiwi_syslog_server 5 log_and_event_manager 5 orion_web_performance_monitor 4 security_event_manager 4 log_\&_event_manager 3 patch_manager 3 server_and_application_monitor 3 storage_manager 3 virtualization_manager 3 SolarWinds Observability Self-Hosted 2 ftp_voyager 2 kiwi_cattools 2 netpath 2 serv-u_mft_server 2
Quick Filters
Critical CVEs With Exploits In CISA KEV