SolarWinds — Vulnerabilities & Security Advisories 166

Browse all 166 CVE security advisories affecting SolarWinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SolarWinds provides IT management and monitoring software, primarily serving enterprise networks through its Orion platform. Historically, its applications have exhibited vulnerabilities typical of complex enterprise suites, including remote code execution, cross-site scripting, and privilege escalation flaws. These weaknesses often stem from intricate integration points and legacy codebases. The most significant security incident occurred in 2020, when a supply chain attack compromised the software’s update mechanism, allowing threat actors to insert malicious code into legitimate updates. This breach affected numerous government agencies and private corporations, exposing sensitive data and compromising network integrity. The incident highlighted critical risks in software supply chains and led to widespread scrutiny of the company’s development and security practices. Consequently, SolarWinds has implemented stricter security controls and transparency measures to restore trust and mitigate future risks associated with its widely deployed infrastructure tools.

| CVE ID | Title — Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-35229 | Cross-Site Scripting Vulnerability using SQL Query — Database Performance Monitor | CWE-79 | 6.8 | Medium | 2022-04-21 |
| CVE-2021-35254 | Authenticated Remote Code Execution in WebHelpDesk 12.7.8 — WebHelpDesk | CWE-20 | 8.2 | High | 2022-03-25 |
| CVE-2021-35251 | Sensitive Data Disclosure Vulnerability — Web Help Desk | CWE-209 | 5.3 | Medium | 2022-03-09 |
| CVE-2021-35247 | Improper Input Validation Vulnerability in Serv-U — Serv-U | CWE-20 | 4.3 | Medium | 2022-01-07 |
| CVE-2021-35232 | Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries — Web Help Desk | CWE-798 | 6.8 | Medium | 2021-12-27 |
| CVE-2021-35243 | HTTP PUT & DELETE Methods Enabled — Web Help Desk | CWE-749 | 5.3 | Medium | 2021-12-23 |
| CVE-2021-35234 | Exposed Dangerous Functions - Privileged Escalation — Orion Core | CWE-89 | 8.0 | High | 2021-12-20 |
| CVE-2021-35244 | Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6 — Orion Platform | | 6.8 | Medium | 2021-12-20 |
| CVE-2021-35248 | Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users — Orion | CWE-732 | 6.8 | Medium | 2021-12-20 |
| CVE-2021-35242 | A valid CSRF token is present in response to an invalid request — Serv-U Server | CWE-352 | 8.3 | High | 2021-12-06 |
| CVE-2021-35245 | Broken Access Control Vulnerability for SolarWinds Serv-U — Serv-U FTP | CWE-284 | 8.4 | High | 2021-12-06 |
| CVE-2021-35237 | Clickjacking Vulnerability — Kiwi Syslog Server | CWE-1021 | 5.0 | Medium | 2021-10-29 |
| CVE-2021-35236 | Missing Secure Flag From SSL Cookie — Kiwi Syslog Server | CWE-614 | 3.1 | Low | 2021-10-27 |
| CVE-2021-35235 | ASP.NET Debug Feature Enabled — Kiwi Syslog Server | CWE-11 | 5.3 | Medium | 2021-10-27 |
| CVE-2021-35233 | HTTP TRACK & TRACE Methods Enabled — Kiwi Syslog Server | CWE-16 | 5.3 | Medium | 2021-10-27 |
| CVE-2021-35231 | Unquoted Path (SMB Login) Vulnerability — Kiwi Syslog Server | CWE-428 | 6.7 | Medium | 2021-10-25 |
| CVE-2021-35230 | Unquoted Path Vulnerability (SMB Login) in Kiwi CatTools — Kiwi CatTools | CWE-22 | 6.7 | Medium | 2021-10-22 |
| CVE-2021-35228 | Reflected cross site scripting affecting SolarWinds: DPA 2021.3.7388 — SolarWinds | | 5.5 | Medium | 2021-10-21 |
| CVE-2021-35227 | Insecure Web Configuration for RabbitMQ Management Plugin in SolarWinds ARM — Access Rights Manager | CWE-79 | 4.7 | Medium | 2021-10-21 |
| CVE-2021-35225 | Netpath Horizontal Privilege Escalation Vulnerability: NPM 2020.2.5 — NPM | | 5.0 | Medium | 2021-10-21 |
| CVE-2021-35214 | Session Management Vulnerability — Pingdom | | 4.8 | Medium | 2021-10-12 |
| CVE-2021-35217 | Insecure Deserialization of untrusted data causing Remote code execution vulnerability. — Orion Platform | | 8.9 | High | 2021-09-08 |
| CVE-2021-35218 | Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability — Patch Manager | CWE-502 | 8.9 | High | 2021-09-01 |
| CVE-2021-35216 | Deserialization of Untrusted Data in Resource Controls Remote Code Execution — Patch Manager | CWE-502 | 8.9 | High | 2021-09-01 |
| CVE-2021-35215 | ActionPluginBaseView Deserialization of Untrusted Data RCE — Orion Platform | CWE-502 | 8.9 | High | 2021-09-01 |
| CVE-2021-35238 | Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability — Orion Platform | CWE-79 | 4.8 | Medium | 2021-09-01 |
| CVE-2021-35212 | Blind SQL injection Vulnerability — Orion Platform | | 8.9 | High | 2021-08-31 |
| CVE-2021-35223 | Execute Command Function Allows Remote Code Execution (RCE) Vulnerability — Serv-U | CWE-20 | 8.5 | High | 2021-08-31 |
| CVE-2021-35213 | Orion User setting Improper Access Control Privilege Escalation Vulnerability — Orion Platform | CWE-284 | 8.9 | High | 2021-08-31 |
| CVE-2021-35240 | Stored XSS via Help Server settings — Orion Platform | CWE-79 | 6.5 | Medium | 2021-08-31 |

This page lists every published CVE security advisory associated with SolarWinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.