
SolarWinds — Vulnerabilities & Security Advisories 166

Browse all 166 CVE security advisories affecting SolarWinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SolarWinds provides IT management and monitoring software, primarily serving enterprise networks through its Orion platform. Historically, its applications have exhibited vulnerabilities typical of complex enterprise suites, including remote code execution, cross-site scripting, and privilege escalation flaws. These weaknesses often stem from intricate integration points and legacy codebases. The most significant security incident occurred in 2020, when a supply chain attack compromised the software’s update mechanism, allowing threat actors to insert malicious code into legitimate updates. This breach affected numerous government agencies and private corporations, exposing sensitive data and compromising network integrity. The incident highlighted critical risks in software supply chains and led to widespread scrutiny of the company’s development and security practices. Consequently, SolarWinds has implemented stricter security controls and transparency measures to restore trust and mitigate future risks associated with its widely deployed infrastructure tools.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-45718 | Sensitive data disclosure vulnerability — Kiwi Syslog NG | CWE-312 | 4.6 | Medium | 2025-02-11 |
| CVE-2024-52606 | SolarWinds Platform Server-Side Request Forgery Vulnerability — SolarWinds | CWE-918 | 3.5 | Low | 2025-02-11 |
| CVE-2024-28989 | SolarWinds Web Help Desk Cryptographic Key Management Vulnerability — Web Help Desk | CWE-321 | 5.5 | Medium | 2025-02-11 |
| CVE-2024-45709 | SolarWinds Web Help Desk Local File Read Vulnerability — Web Help Desk | CWE-22 | 5.3 | Medium | 2024-12-10 |
| CVE-2024-45717 | SolarWinds Platform Cross-Site Scripting Vulnerability — SolarWinds Platform | CWE-79 | 7.0 | High | 2024-12-04 |
| CVE-2024-45713 | SolarWinds Kiwi CatTools Sensitive Information Disclosure Vulnerability — Kiwi CatTools | CWE-209 | 5.1 | Medium | 2024-10-17 |
| CVE-2024-45711 | SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability — Serv-U | CWE-22 | 7.5 | High | 2024-10-16 |
| CVE-2024-45714 | SolarWinds Serv-U Stored XSS Vulnerability — Serv-U | CWE-79 | 4.8 | Medium | 2024-10-16 |
| CVE-2024-45715 | SolarWinds Platform Edit Function Cross-Site Scripting Vulnerability — SolarWinds Platform | CWE-79 | 7.1 | High | 2024-10-16 |
| CVE-2024-45710 | SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability — SolarWinds Platform | CWE-427 | 7.8 | High | 2024-10-16 |
| CVE-2024-28991 | SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution — Access Rights Manager | CWE-502 | 9.0 | Critical | 2024-09-12 |
| CVE-2024-28990 | SolarWinds Access Rights Manager (ARM) Hardcoded Credentials Authentication Bypass Vulnerability — Access Rights Manager | CWE-798 | 6.3 | Medium | 2024-09-12 |
| CVE-2024-28987 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability — Web Help Desk | CWE-798 | 9.1 | Critical | 2024-08-21 |
| CVE-2024-28986 | SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability — Web Help Desk | CWE-502 | 9.8 | Critical | 2024-08-13 |
| CVE-2024-23471 | SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability — Access Rights Manager | CWE-287 | 9.6 | Critical | 2024-07-17 |
| CVE-2024-23470 | SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability — Access Rights Manager | CWE-287 | 9.6 | Critical | 2024-07-17 |
| CVE-2024-28074 | SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability — Access Rights Manager | CWE-502 | 9.6 | Critical | 2024-07-17 |
| CVE-2024-23467 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability — Access Rights Manager | CWE-22 | 9.6 | Critical | 2024-07-17 |
| CVE-2024-23466 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability — Access Rights Manager | CWE-22 | 9.6 | Critical | 2024-07-17 |
| CVE-2024-23465 | SolarWinds Access Rights Manager (ARM) ChangeHumster Exposed Dangerous Method Authentication Bypass Vulnerability — Access Rights Manager | CWE-287 | 8.3 | High | 2024-07-17 |
| CVE-2024-23469 | SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability — Access Rights Manager | CWE-20 | 9.6 | Critical | 2024-07-17 |
| CVE-2024-23475 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability — Access Rights Manager | CWE-22 | 9.6 | Critical | 2024-07-17 |
| CVE-2024-23472 | SolarWinds Access Rights Manager Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability — Access Rights Manager | CWE-22 | 9.6 | Critical | 2024-07-17 |
| CVE-2024-28993 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability — Access Rights Manager | CWE-22 | 7.6 | High | 2024-07-17 |
| CVE-2024-28992 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability — Access Rights Manager | CWE-287 | 7.6 | High | 2024-07-17 |
| CVE-2024-23468 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability — Access Rights Manager | CWE-22 | 7.6 | High | 2024-07-17 |
| CVE-2024-23474 | SolarWinds Access Rights Manager (ARM) deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability — Access Rights Manager | CWE-22 | 7.6 | High | 2024-07-17 |
| CVE-2024-28995 | SolarWinds Serv-U L Directory Transversal Vulnerability — SolarWinds Serv-U | CWE-22 | 8.6 | High | 2024-06-06 |
| CVE-2024-28996 | SolarWinds Platform SWQL Injection Vulnerability — SolarWinds Platform | CWE-89 | 7.5 | High | 2024-06-04 |
| CVE-2024-29000 | SolarWinds Platform Reflected XSS Vulnerability — SolarWinds Platform | CWE-79 | 7.9 | High | 2024-05-20 |

This page lists every published CVE security advisory associated with SolarWinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.