SolarWinds — Vulnerabilities & Security Advisories (166)

Browse all 166 CVE security advisories affecting SolarWinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SolarWinds provides IT management and monitoring software, primarily serving enterprise networks through its Orion platform. Historically, its applications have exhibited vulnerabilities typical of complex enterprise suites, including remote code execution, cross-site scripting, and privilege escalation flaws. These weaknesses often stem from intricate integration points and legacy codebases. The most significant security incident occurred in 2020, when a supply chain attack compromised the software’s update mechanism, allowing threat actors to insert malicious code into legitimate updates. This breach affected numerous government agencies and private corporations, exposing sensitive data and compromising network integrity. The incident highlighted critical risks in software supply chains and led to widespread scrutiny of the company’s development and security practices. Consequently, SolarWinds has implemented stricter security controls and transparency measures to restore trust and mitigate future risks associated with its widely deployed infrastructure tools.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-23473 | SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability | Access Rights Manager | CWE-798 | 8.6 | High | 2024-05-09 |
| CVE-2024-28075 | SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution | Access Rights Manager | CWE-502 | 9.0 | Critical | 2024-05-09 |
| CVE-2024-28073 | SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability | ServU | CWE-22 | 8.4 | High | 2024-04-17 |
| CVE-2023-40057 | SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution | Access Rights Manager | CWE-502 | 9.0 | Critical | 2024-02-15 |
| CVE-2024-23477 | SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability | Access Rights Manager | CWE-22 | 7.9 | High | 2024-02-15 |
| CVE-2024-23476 | SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability | Access Rights Manager | CWE-22 | 9.6 | Critical | 2024-02-15 |
| CVE-2024-23478 | SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution | Access Rights Manager | CWE-502 | 8.0 | High | 2024-02-15 |
| CVE-2024-23479 | SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability | Access Rights Manager | CWE-22 | 9.6 | Critical | 2024-02-15 |
| CVE-2023-40058 | Sensitive Information Disclosure Vulnerability | Access Rights Manager | CWE-200 | 6.5 | Medium | 2023-12-21 |
| CVE-2023-40053 | HTML injection Vulnerability in Serv-U 15.4 | Serv-U | CWE-20 | 5.0 | Medium | 2023-12-06 |
| CVE-2023-33228 | SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability | Network Configuration Manager | CWE-311 | 4.5 | Medium | 2023-11-01 |
| CVE-2023-35181 | SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | Access Rights Manager | CWE-276 | 7.8 | High | 2023-10-19 |
| CVE-2023-35187 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | Access Rights Manager | CWE-22 | 8.8 | High | 2023-10-19 |
| CVE-2023-35185 | SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability | Access Rights Manager | CWE-22 | 6.8 | Medium | 2023-10-19 |
| CVE-2023-35183 | SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | Access Rights Manager | CWE-276 | 7.8 | High | 2023-10-19 |
| CVE-2023-35180 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | Access Rights Manager | CWE-502 | 8.0 | High | 2023-10-19 |
| CVE-2023-35182 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | Access Rights Manager | CWE-502 | 8.8 | High | 2023-10-19 |
| CVE-2023-35184 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | Access Rights Manager | CWE-502 | 8.8 | High | 2023-10-19 |
| CVE-2023-35186 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | Access Rights Manager | CWE-502 | 8.0 | High | 2023-10-19 |
| CVE-2023-23845 | SolarWinds Platform Exposed Dangerous Method Vulnerability | SolarWinds Platform | CWE-697 | 6.8 | Medium | 2023-09-13 |
| CVE-2023-23840 | SolarWinds Platform Exposed Dangerous Method Vulnerability | SolarWinds Platform | CWE-697 | 6.8 | Medium | 2023-09-13 |
| CVE-2023-23842 | SolarWinds Network Configuration Manager Directory Traversal Vulnerability | Network Configuration Manager | CWE-22 | 7.2 | High | 2023-07-26 |
| CVE-2023-33229 | SolarWinds Platform Incorrect Input Neutralization Vulnerability | SolarWinds Platform | CWE-94 | 3.5 | Low | 2023-07-26 |
| CVE-2023-23843 | SolarWinds Platform Incorrect Comparison Vulnerability | SolarWinds Platform | CWE-697 | 7.2 | High | 2023-07-26 |
| CVE-2023-33224 | SolarWinds Platform Incorrect Behavior Order Vulnerability | SolarWinds Platform | CWE-696 | 7.2 | High | 2023-07-26 |
| CVE-2023-33225 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | SolarWinds Platform | CWE-697 | 7.2 | High | 2023-07-26 |
| CVE-2023-23844 | SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability | SolarWinds Platform | CWE-184 | 7.2 | High | 2023-07-26 |
| CVE-2023-33231 | XSS in SolarWinds Database Performance Analyzer 2023.2 | DPA | CWE-79 | 6.1 | Medium | 2023-07-18 |
| CVE-2023-23841 | SolarWinds Serv-U Exposure of Sensitive Information Vulnerability | ServU | CWE-319 | 7.5 | High | 2023-06-15 |
| CVE-2023-23839 | SolarWinds Platform Exposure of Sensitive Information Vulnerability | SolarWinds Platform | CWE-200 | 6.5 | Medium | 2023-04-25 |

This page lists every published CVE security advisory associated with SolarWinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.