目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

SolarWinds 厂商漏洞列表 / CVE 中文分析 166

SolarWinds 厂商相关 166 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

SolarWinds 主要提供 IT 基础设施监控与管理软件,其核心产品 Orion 平台广泛用于企业网络运维。历史漏洞多涉及远程代码执行、身份验证绕过及 SQL 注入,累计收录 166 条 CVE。2020 年爆发的供应链攻击事件尤为瞩目,攻击者通过篡改软件更新植入恶意代码,导致全球数千家机构数据泄露,凸显了第三方组件信任链的安全风险,促使行业加强软件供应链审查机制。

上位製品 SolarWinds: Access Rights Manager SolarWinds Platform Orion Platform Web Help Desk Serv-U SolarWinds Observability Self-Hosted Kiwi Syslog Server Patch Manager Database Performance Analyzer Network Configuration Manager Network Performance Monitor Database Performance Analyzer (DPA) ServU SolarWinds Platform Kiwi CatTools SolarWinds SolarWinds Serv-U DPA Kiwi Syslog NG Service Desk Hybrid Cloud Observability (HCO)/ SolarWinds Platform Server & Application Monitor (SAM) Dameware Mini Remote Control Service Observability Self-Hosted SQL Sentry Serv-U File Server WebHelpDesk Serv-U FTP Server Orion Engineer's Toolset
CVE IDタイトルCVSS深刻度公開日
CVE-2023-23838 Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1 — Database Performance Analyzer 6.5 Medium2023-04-25
CVE-2023-23837 No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1 — Database Performance Analyzer 7.5 High2023-04-25
CVE-2022-47509 SolarWinds Platform Incorrect Input Neutralization Vulnerability — SolarWinds PlatformCWE-79 6.1 Medium2023-04-21
CVE-2022-47505 SolarWinds Platform Local Privilege Escalation Vulnerability — SolarWinds PlatformCWE-269 7.8 High2023-04-21
CVE-2022-38111 SolarWinds Platform Deserialization of Untrusted Data Vulnerability — SolarWinds PlatformCWE-502 7.2 High2023-02-15
CVE-2022-47503 SolarWinds Platform Deserialization of Untrusted Data Vulnerability — SolarWinds PlatformCWE-502 7.2 High2023-02-15
CVE-2022-47504 SolarWinds Platform Deserialization of Untrusted Data Vulnerability — SolarWinds PlatformCWE-502 7.2 High2023-02-15
CVE-2022-47506 SolarWinds Platform Directory Traversal Vulnerability — SolarWinds PlatformCWE-22 7.8 High2023-02-15
CVE-2022-47507 SolarWinds Platform Deserialization of Untrusted Data Vulnerability — SolarWinds PlatformCWE-502 7.2 High2023-02-15
CVE-2022-47508 Disable NTLM: SAM 2022.4 — Server & Application Monitor (SAM)CWE-287 7.5 High2023-02-15
CVE-2023-23836 SolarWinds Platform Deserialization of Untrusted Data Vulnerability — SolarWinds PlatformCWE-502 7.2 High2023-02-15
CVE-2022-38110 Reflected Cross-Site Scripting Vulnerability — Database Performance Analyzer (DPA)CWE-79 5.4 Medium2023-01-20
CVE-2022-38112 Sensitive Information Disclosure Vulnerability — Database Performance Analyzer (DPA)CWE-312 7.5 High2023-01-20
CVE-2022-47512 Sensitive Data Disclosure Vulnerability — Hybrid Cloud Observability (HCO)/ SolarWinds PlatformCWE-312 5.5 Medium2022-12-21
CVE-2021-35252 Common Key Vulnerability in Serv-U FTP Server — Serv-U FTP ServerCWE-798 7.5 High2022-12-16
CVE-2022-38106 Cross-Site Scripting Vulnerability in Serv-U Web Client — Serv-U File ServerCWE-79 5.4 Medium2022-12-16
CVE-2022-36964 SolarWinds Platform Deserialization of Untrusted Data — SolarWinds PlatformCWE-502 8.8 High2022-11-29
CVE-2022-36962 SolarWinds Platform Command Injection — SolarWinds PlatformCWE-78 7.2 High2022-11-29
CVE-2022-36960 SolarWinds Platform Improper Input Validation — SolarWinds PlatformCWE-287 8.8 High2022-11-29
CVE-2021-35246 Unprotected Transport of Credentials (HSTS) Vulnerability — Engineer's ToolsetCWE-319 5.3 Medium2022-11-23
CVE-2022-38108 SolarWinds Platform Deserialization of Untrusted Data — SolarWinds PlatformCWE-502 7.2 High2022-10-20
CVE-2022-36958 SolarWinds Platform Deserialization of Untrusted Data — SolarWinds PlatformCWE-502 8.8 High2022-10-20
CVE-2022-36957 SolarWinds Platform Deserialization of Untrusted Data — SolarWinds PlatformCWE-502 7.2 High2022-10-20
CVE-2022-36966 Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6 — SolarWinds Platform 5.4 Medium2022-10-20
CVE-2022-38107 Sensitive Data Disclosure Vulnerability — SQL SentryCWE-209 5.3 Medium2022-10-19
CVE-2021-35226 Hashed Credential Exposure Vulnerability — Network Configuration ManagerCWE-326 6.5 Medium2022-10-10
CVE-2022-36965 Stored and DOM XSS in QoE Applications: Orion Platform — Orion Platform 6.1 Medium2022-09-30
CVE-2022-36961 Orion Platform SQL Injection Privilege Escalation Vulnerability — Orion PlatformCWE-89 8.8 High2022-09-30
CVE-2021-35249 Domain Admin Broken Access Control — Serv-UCWE-284 4.3 Medium2022-05-17
CVE-2021-35250 Directory Transversal Vulnerability in Serv-U 15.3 — Serv-UCWE-22 7.5 High2022-04-25

本页汇总了 SolarWinds 厂商截至目前公开的全部 166 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。