SolarWinds — Vulnerabilities & Security Advisories 166

Browse all 166 CVE security advisories affecting SolarWinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SolarWinds provides IT management and monitoring software, primarily serving enterprise networks through its Orion platform. Historically, its applications have exhibited vulnerabilities typical of complex enterprise suites, including remote code execution, cross-site scripting, and privilege escalation flaws. These weaknesses often stem from intricate integration points and legacy codebases. The most significant security incident occurred in 2020, when a supply chain attack compromised the software’s update mechanism, allowing threat actors to insert malicious code into legitimate updates. This breach affected numerous government agencies and private corporations, exposing sensitive data and compromising network integrity. The incident highlighted critical risks in software supply chains and led to widespread scrutiny of the company’s development and security practices. Consequently, SolarWinds has implemented stricter security controls and transparency measures to restore trust and mitigate future risks associated with its widely deployed infrastructure tools.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-23838 | Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1 — Database Performance Analyzer | 6.5 | Medium | 2023-04-25 |
| CVE-2023-23837 | No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1 — Database Performance Analyzer | 7.5 | High | 2023-04-25 |
| CVE-2022-47509 | SolarWinds Platform Incorrect Input Neutralization Vulnerability — SolarWinds Platform (CWE-79) | 6.1 | Medium | 2023-04-21 |
| CVE-2022-47505 | SolarWinds Platform Local Privilege Escalation Vulnerability — SolarWinds Platform (CWE-269) | 7.8 | High | 2023-04-21 |
| CVE-2022-38111 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability — SolarWinds Platform (CWE-502) | 7.2 | High | 2023-02-15 |
| CVE-2022-47503 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability — SolarWinds Platform (CWE-502) | 7.2 | High | 2023-02-15 |
| CVE-2022-47504 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability — SolarWinds Platform (CWE-502) | 7.2 | High | 2023-02-15 |
| CVE-2022-47506 | SolarWinds Platform Directory Traversal Vulnerability — SolarWinds Platform (CWE-22) | 7.8 | High | 2023-02-15 |
| CVE-2022-47507 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability — SolarWinds Platform (CWE-502) | 7.2 | High | 2023-02-15 |
| CVE-2022-47508 | Disable NTLM: SAM 2022.4 — Server & Application Monitor (SAM) (CWE-287) | 7.5 | High | 2023-02-15 |
| CVE-2023-23836 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability — SolarWinds Platform (CWE-502) | 7.2 | High | 2023-02-15 |
| CVE-2022-38110 | Reflected Cross-Site Scripting Vulnerability — Database Performance Analyzer (DPA) (CWE-79) | 5.4 | Medium | 2023-01-20 |
| CVE-2022-38112 | Sensitive Information Disclosure Vulnerability — Database Performance Analyzer (DPA) (CWE-312) | 7.5 | High | 2023-01-20 |
| CVE-2022-47512 | Sensitive Data Disclosure Vulnerability — Hybrid Cloud Observability (HCO) / SolarWinds Platform (CWE-312) | 5.5 | Medium | 2022-12-21 |
| CVE-2021-35252 | Common Key Vulnerability in Serv-U FTP Server — Serv-U FTP Server (CWE-798) | 7.5 | High | 2022-12-16 |
| CVE-2022-38106 | Cross-Site Scripting Vulnerability in Serv-U Web Client — Serv-U File Server (CWE-79) | 5.4 | Medium | 2022-12-16 |
| CVE-2022-36964 | SolarWinds Platform Deserialization of Untrusted Data — SolarWinds Platform (CWE-502) | 8.8 | High | 2022-11-29 |
| CVE-2022-36962 | SolarWinds Platform Command Injection — SolarWinds Platform (CWE-78) | 7.2 | High | 2022-11-29 |
| CVE-2022-36960 | SolarWinds Platform Improper Input Validation — SolarWinds Platform (CWE-287) | 8.8 | High | 2022-11-29 |
| CVE-2021-35246 | Unprotected Transport of Credentials (HSTS) Vulnerability — Engineer's Toolset (CWE-319) | 5.3 | Medium | 2022-11-23 |
| CVE-2022-38108 | SolarWinds Platform Deserialization of Untrusted Data — SolarWinds Platform (CWE-502) | 7.2 | High | 2022-10-20 |
| CVE-2022-36958 | SolarWinds Platform Deserialization of Untrusted Data — SolarWinds Platform (CWE-502) | 8.8 | High | 2022-10-20 |
| CVE-2022-36957 | SolarWinds Platform Deserialization of Untrusted Data — SolarWinds Platform (CWE-502) | 7.2 | High | 2022-10-20 |
| CVE-2022-36966 | Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6 — SolarWinds Platform | 5.4 | Medium | 2022-10-20 |
| CVE-2022-38107 | Sensitive Data Disclosure Vulnerability — SQL Sentry (CWE-209) | 5.3 | Medium | 2022-10-19 |
| CVE-2021-35226 | Hashed Credential Exposure Vulnerability — Network Configuration Manager (CWE-326) | 6.5 | Medium | 2022-10-10 |
| CVE-2022-36965 | Stored and DOM XSS in QoE Applications: Orion Platform — Orion Platform | 6.1 | Medium | 2022-09-30 |
| CVE-2022-36961 | Orion Platform SQL Injection Privilege Escalation Vulnerability — Orion Platform (CWE-89) | 8.8 | High | 2022-09-30 |
| CVE-2021-35249 | Domain Admin Broken Access Control — Serv-U (CWE-284) | 4.3 | Medium | 2022-05-17 |
| CVE-2021-35250 | Directory Transversal Vulnerability in Serv-U 15.3 — Serv-U (CWE-22) | 7.5 | High | 2022-04-25 |

This page lists every published CVE security advisory associated with SolarWinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.