SolarWinds — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting SolarWinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SolarWinds provides IT management and monitoring software, primarily serving enterprise networks through its Orion platform. Historically, its applications have exhibited vulnerabilities typical of complex enterprise suites, including remote code execution, cross-site scripting, and privilege escalation flaws. These weaknesses often stem from intricate integration points and legacy codebases. The most significant security incident occurred in 2020, when a supply chain attack compromised the software’s update mechanism, allowing threat actors to insert malicious code into legitimate updates. This breach affected numerous government agencies and private corporations, exposing sensitive data and compromising network integrity. The incident highlighted critical risks in software supply chains and led to widespread scrutiny of the company’s development and security practices. Consequently, SolarWinds has implemented stricter security controls and transparency measures to restore trust and mitigate future risks associated with its widely deployed infrastructure tools.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-29004 | SolarWinds Platform Stored XSS Vulnerability — SolarWinds Platform CWE-79 | 7.1 | High | 2024-06-04 |
| CVE-2024-28999 | SolarWinds Platform Race Condition Vulnerability — SolarWinds Platform CWE-362 | 6.4 | Medium | 2024-06-04 |
| CVE-2024-28072 | Arbitrary File Overwrite Vulnerability — Serv-U CWE-532 | 5.7 | Medium | 2024-05-03 |
| CVE-2024-29003 | SolarWinds Platform Cross Site Scripting Vulnerability — SolarWinds Platform CWE-79 | 7.5 | High | 2024-04-18 |
| CVE-2024-29001 | SolarWinds Platform SWQL Injection Vulnerability — SolarWinds Platform CWE-89 | 7.5 | High | 2024-04-18 |
| CVE-2024-28076 | SolarWinds Platform Arbitrary Open Redirection Vulnerability — SolarWinds Platform CWE-601 | 7.0 | High | 2024-04-18 |
| CVE-2024-0692 | SolarWinds Security Event Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability — Security Event Manager CWE-502 | 8.8 | High | 2024-03-01 |
| CVE-2023-35188 | SQL Injection Remote Code Execution Vulnerability — SolarWinds Platform CWE-89 | 8.0 | High | 2024-02-06 |
| CVE-2023-50395 | SQL Injection Remote Code Execution Vulnerability — SolarWinds Platform CWE-89 | 8.0 | High | 2024-02-06 |
| CVE-2023-40056 | SolarWinds Platform SQL Injection Remote Code Execution Vulnerability — SolarWinds Platform CWE-89 | 8.0 | High | 2023-11-28 |
| CVE-2023-40055 | SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability — Network Configuration Manager CWE-22 | 8.0 | High | 2023-11-09 |
| CVE-2023-40054 | SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability — Network Configuration Manager CWE-22 | 8.0 | High | 2023-11-09 |
| CVE-2023-33227 | Directory Traversal Remote Code Execution Vulnerability — Network Configuration Manager CWE-22 | 8.0 | High | 2023-11-01 |
| CVE-2023-33226 | Directory Traversal Remote Code Execution Vulnerability — Network Configuration Manager CWE-22 | 8.0 | High | 2023-11-01 |
| CVE-2023-40061 | Insecure Job Execution Mechanism Vulnerability — SolarWinds Platform CWE-20 | 8.8 | High | 2023-11-01 |
| CVE-2023-40062 | Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability — SolarWinds Platform CWE-20 | 8.0 | High | 2023-11-01 |
| CVE-2023-40060 | 2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1 — Serv-U CWE-284 | 7.2 | High | 2023-09-07 |
| CVE-2023-35179 | 2FA/MFA Bypass Vulnerability in Serv-U 15.4 — Serv-U CWE-284 | 7.2 | High | 2023-08-10 |
| CVE-2023-3622 | Access Control Bypass Vulnerability in the SolarWinds Platform — SolarWinds Platform CWE-287 | 4.3 | Medium | 2023-07-26 |
| CVE-2022-38113 | Information Disclosure Vulnerability — SolarWinds SEM CWE-200 | 5.3 | Medium | 2022-11-23 |
| CVE-2022-38115 | Insecure Methods Vulnerability — SolarWinds SEM CWE-650 | 5.3 | Medium | 2022-11-23 |
| CVE-2022-38114 | Client-Side Desync Vulnerability — SolarWinds SEM CWE-444 | 6.1 | Medium | 2022-11-23 |

This page lists every published CVE security advisory associated with SolarWinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.