SolarWinds — Vulnerabilities & Security Advisories (166)

Browse all 166 CVE security advisories affecting SolarWinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SolarWinds provides IT management and monitoring software, primarily serving enterprise networks through its Orion platform. Historically, its applications have exhibited vulnerabilities typical of complex enterprise suites, including remote code execution, cross-site scripting, and privilege escalation flaws. These weaknesses often stem from intricate integration points and legacy codebases. The most significant security incident occurred in 2020, when a supply chain attack compromised the software’s update mechanism, allowing threat actors to insert malicious code into legitimate updates. This breach affected numerous government agencies and private corporations, exposing sensitive data and compromising network integrity. The incident highlighted critical risks in software supply chains and led to widespread scrutiny of the company’s development and security practices. Consequently, SolarWinds has implemented stricter security controls and transparency measures to restore trust and mitigate future risks associated with its widely deployed infrastructure tools.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-35239 | Stored XSS in Maps text box hyperlink Vulnerability — Orion Platform | CWE-79 | 7.5 | High | 2021-08-31 |
| CVE-2021-35222 | Resource.aspx Reflected Cross-Site Scripting Vulnerability — Orion Platform | CWE-79 | 8.0 | High | 2021-08-31 |
| CVE-2021-35221 | ImportAlert Improper Access Control Tampering Vulnerability — Orion Platform | CWE-284 | 6.3 | Medium | 2021-08-31 |
| CVE-2021-35220 | EmailWebPage Command Injection RCE — Orion Platform | | 8.1 | High | 2021-08-31 |
| CVE-2021-35219 | ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability — Orion Platform | | 6.0 | Medium | 2021-08-31 |
| CVE-2021-32076 | Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass — Web Help Desk | CWE-290 | 5.3 | Medium | 2021-08-26 |
| CVE-2021-35211 | Serv-U Remote Memory Escape Vulnerability — Serv-U Managed File Transfer Server and Serv-U Secured FTP | | 9.0 | Critical | 2021-07-14 |
| CVE-2021-31474 | SolarWinds Network Performance Monitor Code Issue Vulnerability — Network Performance Monitor | CWE-502 | 9.8 | - | 2021-05-21 |
| CVE-2021-31475 | SolarWinds Orion Job Scheduler Security Vulnerability — Orion Job Scheduler | CWE-732 | 8.8 | - | 2021-05-21 |
| CVE-2021-27277 | SolarWinds Orion Virtual Infrastructure Monitor Code Issue Vulnerability — Orion Virtual Infrastructure Monitor | CWE-502 | 7.8 | - | 2021-04-22 |
| CVE-2021-27258 | SolarWinds Orion Platform Security Vulnerability — Orion Platform | CWE-284 | 9.8 | - | 2021-04-14 |
| CVE-2021-27240 | SolarWinds Patch Manager Code Issue Vulnerability — Patch Manager | CWE-502 | 7.8 | - | 2021-03-29 |
| CVE-2020-27869 | SolarWinds Network Performance Monitor SQL Injection Vulnerability — Network Performance Monitor | CWE-89 | 8.8 | - | 2021-02-11 |
| CVE-2020-27871 | SolarWinds Orion Platform Path Traversal Vulnerability — Orion Platform | CWE-22 | 8.8 | - | 2021-02-10 |
| CVE-2020-27870 | SolarWinds Orion Platform Path Traversal Vulnerability — Orion Platform | CWE-22 | 6.5 | - | 2021-02-10 |
| CVE-2020-10148 | SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands — Orion Platform | CWE-288 | 9.8 | - | 2020-12-29 |

This page lists every published CVE security advisory associated with SolarWinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.