MidnightBSD

Advisories for solarwinds

CVE-2001-0054 MEDIUM

Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 3.0.0.16
CVE-2001-1463 HIGH

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 3.0.0.17
solarwinds serv-u_file_server 3.0.0.16
CVE-2002-1209 MEDIUM

Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds tftp_server 5.0.55_standard
CVE-2002-1542 MEDIUM

SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds tftp_server 5.0.55_standard
CVE-2002-2393 MEDIUM

Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 4.0.0.4
solarwinds serv-u_file_server 3.1.0.0
CVE-2004-0330 HIGH

Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 3.1.0.1
solarwinds serv-u_file_server 3.1.0.3
solarwinds serv-u_file_server 4.0.0.4
solarwinds serv-u_file_server 4.1.0.3
solarwinds serv-u_file_server 3.0.0.17
solarwinds serv-u_file_server *
solarwinds serv-u_file_server 3.1.0.0
solarwinds serv-u_file_server 3.0.0.16
solarwinds serv-u_file_server 4.1.0.0
CVE-2004-1675 MEDIUM

Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 5.1.0.0
solarwinds serv-u_file_server 5.2.0.1
solarwinds serv-u_file_server 4.0.0.4
solarwinds serv-u_file_server 4.1.0.3
solarwinds serv-u_file_server 5.0.0.0
solarwinds serv-u_file_server 5.0.0.9
solarwinds serv-u_file_server 5.0.0.11
solarwinds serv-u_file_server 5.0.0.4
solarwinds serv-u_file_server 5.2.0.0
solarwinds serv-u_file_server 4.1.0.0
CVE-2004-1852 MEDIUM

DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
solarwinds dameware_mini_remote_control *
CVE-2004-1992 MEDIUM

Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 3.1.0.1
solarwinds serv-u_file_server 3.1.0.3
solarwinds serv-u_file_server 4.0.0.4
solarwinds serv-u_file_server 4.1.0.3
solarwinds serv-u_file_server 5.0.0.0
solarwinds serv-u_file_server 3.0.0.17
solarwinds serv-u_file_server *
solarwinds serv-u_file_server 3.1.0.0
solarwinds serv-u_file_server 3.0.0.16
solarwinds serv-u_file_server 4.1.0.0
CVE-2004-2111 HIGH

Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 3.1.0.1
solarwinds serv-u_file_server 3.1.0.3
solarwinds serv-u_file_server 4.0.0.4
solarwinds serv-u_file_server 3.0.0.17
solarwinds serv-u_file_server *
solarwinds serv-u_file_server 3.1.0.0
solarwinds serv-u_file_server 3.0.0.16
solarwinds serv-u_file_server 4.1.0.0
CVE-2004-2532 HIGH

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 3.1.0.1
solarwinds serv-u_file_server 5.0.0.0
solarwinds serv-u_file_server *
solarwinds serv-u_file_server 3.1.0.0
solarwinds serv-u_file_server 4.1.0.0
solarwinds serv-u_file_server 3.1.0.3
solarwinds serv-u_file_server 4.0.0.4
solarwinds serv-u_file_server 4.1.0.3
solarwinds serv-u_file_server 3.0.0.17
solarwinds serv-u_file_server 5.0.0.9
solarwinds serv-u_file_server 5.0.0.4
solarwinds serv-u_file_server 3.0.0.16
CVE-2004-2533 MEDIUM

Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 4.1.0.0
CVE-2005-3467 MEDIUM

Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 6.1.0.0
solarwinds serv-u_file_server 3.1.0.1
solarwinds serv-u_file_server 6.0.0.1
solarwinds serv-u_file_server 6.0.0.2
solarwinds serv-u_file_server 5.0.0.0
solarwinds serv-u_file_server 5.0.0.11
solarwinds serv-u_file_server 6.0.0.0
solarwinds serv-u_file_server *
solarwinds serv-u_file_server 3.1.0.0
solarwinds serv-u_file_server 5.2.0.0
solarwinds serv-u_file_server 4.1.0.0
solarwinds serv-u_file_server 3.1.0.3
solarwinds serv-u_file_server 5.1.0.0
solarwinds serv-u_file_server 5.2.0.1
solarwinds serv-u_file_server 4.0.0.4
solarwinds serv-u_file_server 4.1.0.3
solarwinds serv-u_file_server 3.0.0.17
solarwinds serv-u_file_server 5.0.0.9
solarwinds serv-u_file_server 5.0.0.4
solarwinds serv-u_file_server 3.0.0.16
CVE-2006-1951 MEDIUM

Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds tftp_server 5.0.55_standard
solarwinds tftp_server 8.1
solarwinds tftp_server 5.0.60standard
CVE-2009-4815 MEDIUM

Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 6.0.0.1
solarwinds serv-u_file_server 8.2.0.3
solarwinds serv-u_file_server 7.1.0.0
solarwinds serv-u_file_server 7.0.0.2
solarwinds serv-u_file_server 3.1.0.0
solarwinds serv-u_file_server 7.1.0.1
solarwinds serv-u_file_server 8.0.0.7
solarwinds serv-u_file_server 9.0.0.5
solarwinds serv-u_file_server 6.1.0.4
solarwinds serv-u_file_server 8.1.0.3
solarwinds serv-u_file_server 7.0.0.4
solarwinds serv-u_file_server 4.1.0.3
solarwinds serv-u_file_server 5.0.0.9
solarwinds serv-u_file_server 8.0.0.1
solarwinds serv-u_file_server 5.0.0.4
solarwinds serv-u_file_server 8.0.0.5
solarwinds serv-u_file_server 7.0.0.3
solarwinds serv-u_file_server 7.4.0.0
solarwinds serv-u_file_server 6.0.0.2
solarwinds serv-u_file_server 8.0.0.2
solarwinds serv-u_file_server 7.2.0.1
solarwinds serv-u_file_server 5.0.0.0
solarwinds serv-u_file_server 6.0.0.0
solarwinds serv-u_file_server 5.2.0.0
solarwinds serv-u_file_server 4.1.0.0
solarwinds serv-u_file_server 3.1.0.3
solarwinds serv-u_file_server 5.2.0.1
solarwinds serv-u_file_server 4.0.0.4
solarwinds serv-u_file_server 3.0.0.17
solarwinds serv-u_file_server 7.2.0.0
solarwinds serv-u_file_server 7.3.0.1
solarwinds serv-u_file_server 6.1.0.5
solarwinds serv-u_file_server 6.4.0.5
solarwinds serv-u_file_server 3.0.0.16
solarwinds serv-u_file_server 6.1.0.1
solarwinds serv-u_file_server 6.2.0.0
solarwinds serv-u_file_server 6.3.0.1
solarwinds serv-u_file_server 5.0.0.11
solarwinds serv-u_file_server 7.0.0.1
solarwinds serv-u_file_server 6.3.0.0
solarwinds serv-u_file_server 7.1.0.2
solarwinds serv-u_file_server 8.0.0.4
solarwinds serv-u_file_server 5.1.0.0
solarwinds serv-u_file_server 8.2.0.0
solarwinds serv-u_file_server 7.3.0.0
solarwinds serv-u_file_server 6.4.0.0
solarwinds serv-u_file_server 9.0.0.1
solarwinds serv-u_file_server 6.4.0.1
solarwinds serv-u_file_server 6.1.0.0
solarwinds serv-u_file_server 3.1.0.1
solarwinds serv-u_file_server 8.2.0.1
solarwinds serv-u_file_server 7.3.0.2
solarwinds serv-u_file_server 6.4.0.4
solarwinds serv-u_file_server 9.1.0.0
solarwinds serv-u_file_server 6.4.0.6
solarwinds serv-u_file_server 6.4.0.2
solarwinds serv-u_file_server 6.4.0.3
solarwinds serv-u_file_server 9.0.0.3
solarwinds serv-u_file_server 9.1.0.2
solarwinds serv-u_file_server 8.1.0.1
solarwinds serv-u_file_server 6.2.0.1
solarwinds serv-u_file_server 7.4.0.1
CVE-2010-2115 MEDIUM

SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
solarwinds tftp_server 10.4.0.10
CVE-2010-2310 MEDIUM

SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
solarwinds tftp_server 10.4.0.13
CVE-2010-4828 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds orion_network_performance_monitor 10.1
CVE-2011-4800 HIGH

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server 6.0.0.1
solarwinds serv-u_file_server 8.2.0.3
solarwinds serv-u_file_server 7.1.0.0
solarwinds serv-u_file_server 7.0.0.2
solarwinds serv-u_file_server 10.1.0.0
solarwinds serv-u_file_server 11.0.0.0
solarwinds serv-u_file_server 3.1.0.0
solarwinds serv-u_file_server 7.1.0.1
solarwinds serv-u_file_server 8.0.0.7
solarwinds serv-u_file_server 9.0.0.5
solarwinds serv-u_file_server 10.5.0.19
solarwinds serv-u_file_server 6.1.0.4
solarwinds serv-u_file_server 10.2.0.2
solarwinds serv-u_file_server 8.1.0.3
solarwinds serv-u_file_server 7.0.0.4
solarwinds serv-u_file_server 4.1.0.3
solarwinds serv-u_file_server 5.0.0.9
solarwinds serv-u_file_server 8.0.0.1
solarwinds serv-u_file_server 5.0.0.4
solarwinds serv-u_file_server 8.0.0.5
solarwinds serv-u_file_server 7.0.0.3
solarwinds serv-u_file_server 10.5.0.4
solarwinds serv-u_file_server 7.4.0.0
solarwinds serv-u_file_server 6.0.0.2
solarwinds serv-u_file_server 8.0.0.2
solarwinds serv-u_file_server 7.2.0.1
solarwinds serv-u_file_server 10.0.0.5
solarwinds serv-u_file_server 5.0.0.0
solarwinds serv-u_file_server 6.0.0.0
solarwinds serv-u_file_server 10.4.0.0
solarwinds serv-u_file_server 9.4.0.2
solarwinds serv-u_file_server 5.2.0.0
solarwinds serv-u_file_server 9.3.0.1
solarwinds serv-u_file_server 4.1.0.0
solarwinds serv-u_file_server 3.1.0.3
solarwinds serv-u_file_server 11.0.0.4
solarwinds serv-u_file_server 5.2.0.1
solarwinds serv-u_file_server 4.0.0.4
solarwinds serv-u_file_server 3.0.0.17
solarwinds serv-u_file_server 7.2.0.0
solarwinds serv-u_file_server 7.3.0.1
solarwinds serv-u_file_server 6.1.0.5
solarwinds serv-u_file_server 6.4.0.5
solarwinds serv-u_file_server 3.0.0.16
solarwinds serv-u_file_server 11.1.0.5
solarwinds serv-u_file_server 6.1.0.1
solarwinds serv-u_file_server 10.5.0.21
solarwinds serv-u_file_server 6.2.0.0
solarwinds serv-u_file_server 6.3.0.1
solarwinds serv-u_file_server 5.0.0.11
solarwinds serv-u_file_server 7.0.0.1
solarwinds serv-u_file_server 10.3.0.1
solarwinds serv-u_file_server 10.5.0.14
solarwinds serv-u_file_server 6.3.0.0
solarwinds serv-u_file_server 7.1.0.2
solarwinds serv-u_file_server 10.0.0.3
solarwinds serv-u_file_server 8.0.0.4
solarwinds serv-u_file_server 5.1.0.0
solarwinds serv-u_file_server 8.2.0.0
solarwinds serv-u_file_server 10.2.0.0
solarwinds serv-u_file_server 7.3.0.0
solarwinds serv-u_file_server 6.4.0.0
solarwinds serv-u_file_server 9.0.0.1
solarwinds serv-u_file_server 6.4.0.1
solarwinds serv-u_file_server 10.5.0.16
solarwinds serv-u_file_server 10.0.0.2
solarwinds serv-u_file_server 10.1.0.1
solarwinds serv-u_file_server 6.1.0.0
solarwinds serv-u_file_server 10.5.0.24
solarwinds serv-u_file_server 3.1.0.1
solarwinds serv-u_file_server 10.5.0.11
solarwinds serv-u_file_server 8.2.0.1
solarwinds serv-u_file_server 10.5.0.6
solarwinds serv-u_file_server 11.0.0.2
solarwinds serv-u_file_server 7.3.0.2
solarwinds serv-u_file_server *
solarwinds serv-u_file_server 6.4.0.4
solarwinds serv-u_file_server 9.1.0.0
solarwinds serv-u_file_server 6.4.0.6
solarwinds serv-u_file_server 6.4.0.2
solarwinds serv-u_file_server 6.4.0.3
solarwinds serv-u_file_server 10.0.0.7
solarwinds serv-u_file_server 9.2.0.1
solarwinds serv-u_file_server 9.0.0.3
solarwinds serv-u_file_server 9.1.0.2
solarwinds serv-u_file_server 8.1.0.1
solarwinds serv-u_file_server 6.2.0.1
solarwinds serv-u_file_server 9.4.0.0
solarwinds serv-u_file_server 7.4.0.1
CVE-2012-2576 HIGH

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
solarwinds storage_manager *
solarwinds storage_profiler *
solarwinds backup_profiler *
CVE-2013-3249 HIGH

Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
solarwinds dameware_remote_support *
CVE-2014-3459 MEDIUM

Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
solarwinds network_configuration_manager 7.2.1
solarwinds network_configuration_manager 7.2.0
solarwinds network_configuration_manager *
CVE-2014-5504 HIGH

SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
solarwinds log_and_event_manager *
solarwinds log_and_event_manager 5.2.0
solarwinds log_and_event_manager 5.4.0
solarwinds log_and_event_manager 5.6.0
solarwinds log_and_event_manager 5.5.0
CVE-2014-9566 HIGH

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
solarwinds orion_server_and_application_manager *
solarwinds orion_voip_&_network_quality_manager *
solarwinds orion_ip_address_manager *
solarwinds orion_netflow_traffic_analyzer *
solarwinds orion_user_device_tracker *
solarwinds orion_web_performance_monitor *
solarwinds orion_network_performance_monitor *
solarwinds orion_network_configuration_manager *
CVE-2015-1500 MEDIUM

Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
solarwinds server_and_application_monitor -
CVE-2015-1501 MEDIUM

The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
solarwinds server_and_application_monitor -
CVE-2015-2284 HIGH

userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
solarwinds firewall_security_manager *
CVE-2015-5371 HIGH

The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds storage_manager -
CVE-2015-5610 MEDIUM

The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
solarwinds n-able_n-central *
CVE-2015-7838 HIGH

ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
solarwinds storage_manager *
CVE-2015-7839 HIGH

SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
solarwinds log_and_event_manager *
CVE-2015-7840 HIGH

The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
solarwinds log_and_event_manager *
CVE-2015-8220 HIGH

Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
solarwinds dameware_mini_remote_control *
CVE-2016-3642 HIGH

The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds virtualization_manager *
CVE-2016-3643 HIGH

SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
solarwinds virtualization_manager *
CVE-2016-4350 HIGH

Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
solarwinds storage_resource_monitor *
CVE-2016-5709 LOW

SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
solarwinds virtualization_manager *
CVE-2017-5198 HIGH

SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds log_and_event_manager *
CVE-2017-5199 MEDIUM

The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
solarwinds log_and_event_manager *
CVE-2017-6803 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
solarwinds ftp_voyager 16.2.0
CVE-2017-7646 MEDIUM

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
solarwinds log_&_event_manager *
CVE-2017-7647 MEDIUM

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds log_&_event_manager *
CVE-2017-7722 HIGH

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
solarwinds log_&_event_manager 6.3.1
CVE-2017-9537 LOW

Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds network_performance_monitor 12.0.15300.90
CVE-2017-9538 MEDIUM

The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
solarwinds network_performance_monitor *
CVE-2018-10240 MEDIUM

SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-331,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2018-10241 MEDIUM

A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2018-12897 MEDIUM

SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
solarwinds dameware_mini_remote_control *
CVE-2018-13442 MEDIUM

SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
solarwinds network_performance_monitor *
CVE-2018-15906 HIGH

SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds serv-u_ftp_server 15.1.6
CVE-2018-16243 LOW

SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds database_performance_analyzer 12.0.3074
solarwinds database_performance_analyzer 11.1.468
CVE-2018-16791 MEDIUM

In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
solarwinds sftp/scp_server *
CVE-2018-16792 MEDIUM

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
solarwinds sftp/scp_server *
CVE-2018-19386 MEDIUM

SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds database_performance_analyzer 11.1.457
CVE-2018-19934 LOW

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds serv-u_ftp_server 15.1.6.25
CVE-2018-19999 HIGH

The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
solarwinds serv-u_ftp_server 15.1.6.25
CVE-2019-12181 MEDIUM

A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
solarwinds serv-u_mft_server *
solarwinds serv-u_ftp_server *
CVE-2019-12769 MEDIUM

SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
solarwinds serv-u_managed_file_transfer *
solarwinds serv-u_managed_file_transfer 15.1.6
CVE-2019-12863 LOW

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds network_performance_monitor 12.4
solarwinds orion_platform 2018.4
solarwinds netpath 1.1.4
CVE-2019-12864 LOW

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-209,

Products Affected

Vendor Product Version
solarwinds network_performance_monitor 12.4
solarwinds orion_platform 2018.4
solarwinds netpath 1.1.4
CVE-2019-12954 LOW

SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds network_performance_monitor_orion_platform_2018_netpath 1.1.3
solarwinds network_performance_monitor_orion_platform_2018_npm 12.3
CVE-2019-13181 MEDIUM

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1236,

Products Affected

Vendor Product Version
solarwinds serv-u_ftp_server 15.1.7
CVE-2019-13182 LOW

A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds serv-u_ftp_server 15.1.7
CVE-2019-16954 MEDIUM

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds web_help_desk 12.7.0
CVE-2019-16955 LOW

SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds webhelpdesk 12.7.0
CVE-2019-16956 LOW

SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds web_help_desk 12.7.0
CVE-2019-16957 LOW

SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds webhelpdesk 12.7.0
CVE-2019-16958 LOW

Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds help_desk 12.7.0
CVE-2019-16959 MEDIUM

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1236,

Products Affected

Vendor Product Version
solarwinds webhelpdesk 12.7.0
CVE-2019-16960 LOW

SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds web_help_desk 12.7.0
CVE-2019-16961 LOW

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds web_help_desk 12.7.0
CVE-2019-17125 MEDIUM

A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds orion_platform 2019.2
CVE-2019-17127 MEDIUM

A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds orion_platform 2019.2
CVE-2019-19829 LOW

A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds serv-u_ftp_server 15.1.7
CVE-2019-20002 MEDIUM

Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1236,

Products Affected

Vendor Product Version
solarwinds webhelpdesk 12.7.1
CVE-2019-3957 MEDIUM

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-125,

Products Affected

Vendor Product Version
solarwinds dameware_mini_remote_control *
CVE-2019-3980 HIGH

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-346,

Products Affected

Vendor Product Version
solarwinds dameware_mini_remote_control 12.1.0.89
CVE-2019-8917 HIGH

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds orion_network_performance_monitor *
CVE-2019-9017 MEDIUM

DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
solarwinds dameware_mini_remote_control 10.0
CVE-2019-9546 HIGH

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,

Products Affected

Vendor Product Version
solarwinds orion_platform 2018.4
solarwinds orion_platform *
CVE-2020-10148 HIGH

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-288,CWE-306,

Products Affected

Vendor Product Version
solarwinds orion_platform 2020.2.1
solarwinds orion_platform 2019.4
solarwinds orion_platform 2020.2
CVE-2020-12608 HIGH

An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
solarwinds managed_service_provider_patch_management_engine *
CVE-2020-13169 LOW

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2020-13912 MEDIUM

SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
solarwinds advanced_monitoring_agent *
CVE-2020-14005 HIGH

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds orion_network_performance_monitor 2019.4
solarwinds orion_web_performance_monitor 2019.4.1
CVE-2020-14006 LOW

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds orion_network_performance_monitor 2019.4
solarwinds orion_web_performance_monitor 2019.4.1
CVE-2020-14007 LOW

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds orion_network_performance_monitor 2019.4
solarwinds orion_web_performance_monitor 2019.4.1
CVE-2020-15541 HIGH

SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds serv-u_ftp_server *
CVE-2020-15542 HIGH

SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds serv-u_ftp_server *
CVE-2020-15543 HIGH

SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
solarwinds serv-u_ftp_server *
CVE-2020-15573 MEDIUM

SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2020-15574 MEDIUM

SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2020-15575 MEDIUM

SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2020-15576 MEDIUM

SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2020-15909 MEDIUM

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantage of this, cookie could be stolen and the JSESSIONID can be captured. On its own this is not a surprising result; low security tools allow the cookie to roam from machine to machine. The JSESSION cookie can then be used on the attackers’ workstation by browsing to the victim’s NCentral server URL and replacing the JSESSIONID attribute value by the captured value. Expected behavior would be to check this against a second source and enforce at least a reauthentication or multi factor request as N-Central is a highly privileged service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
solarwinds n-central *
CVE-2020-15910 MEDIUM

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwarded to the attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
solarwinds n-central *
CVE-2020-22428 LOW

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds serv-u_mft_server 15.1
solarwinds serv-u_ftp_server 15.1
CVE-2020-25617 HIGH

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
solarwinds n-central 12.3.0.670
CVE-2020-25618 HIGH

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers file).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
solarwinds n-central 12.3.0.670
CVE-2020-25619 LOW

An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary key pair) to access network services on the 127.0.0.1 interface, even though this feature was only intended for user-to-agent communication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 1.8 2.5

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds n-central 12.3.0.670
CVE-2020-25620 MEDIUM

An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to the N-Central Administrative Console (NAC) and/or the regular web interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
solarwinds n-central 12.3.0.670
CVE-2020-25621 LOW

An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-306,

Products Affected

Vendor Product Version
solarwinds n-central 12.3.0.670
CVE-2020-25622 MEDIUM

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
solarwinds n-central 12.3.0.670
CVE-2020-27869 HIGH

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
solarwinds network_performance_monitor 2020.2
solarwinds network_performance_monitor 2020
CVE-2020-27870 MEDIUM

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11917.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
solarwinds orion_platform 2020.2.1
CVE-2020-27871 HIGH

This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within VulnerabilitySettings.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11902.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
solarwinds orion_platform 2020.2.1
CVE-2020-27994 MEDIUM

SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2020-28001 LOW

SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2020-35481 HIGH

SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2020-35482 LOW

SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2020-35856 LOW

SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2020-5734 MEDIUM

Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
solarwinds dameware 12.1
CVE-2020-7984 MEDIUM

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
solarwinds n-central *
CVE-2021-25179 MEDIUM

SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds serv-u_file_server *
CVE-2021-25274 HIGH

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-25275 LOW

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-798,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-25276 LOW

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C:\ home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-732,

Products Affected

Vendor Product Version
solarwinds serv-u 15.2.2
solarwinds serv-u *
CVE-2021-27240 HIGH

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DataGridService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. Was ZDI-CAN-12009.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
solarwinds patch_manager 2020.2.1
CVE-2021-27258 HIGH

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate privileges their privileges from Guest to Administrator. Was ZDI-CAN-11903.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds orion_platform 2020.2
CVE-2021-27277 HIGH

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the OneTimeJobSchedulerEventsService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11955.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
solarwinds orion_platform 2020.2
CVE-2021-28674 MEDIUM

The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-863,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-3109 MEDIUM

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-31217 HIGH

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
solarwinds dameware_mini_remote_control 12.0.1.200
CVE-2021-31474 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
solarwinds network_performance_monitor *
CVE-2021-31475 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF service configuration, which allows a critical resource to be accessed by unprivileged users. An attacker can leverage this vulnerability to execute code in the context of an administrator. Was ZDI-CAN-12007.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
solarwinds orion_job_scheduler 2020.2.1
CVE-2021-3154 MEDIUM

An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2021-32076 MEDIUM

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
psirt@solarwinds.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-290,CWE-290,

Products Affected

Vendor Product Version
solarwinds web_help_desk *
CVE-2021-32604 LOW

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2021-35211 HIGH

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
psirt@solarwinds.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
solarwinds serv-u 15.2.3
solarwinds serv-u *
CVE-2021-35212 HIGH

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.9 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L 2.3 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
solarwinds orion_platform 2020.2.5
solarwinds orion_platform 2020.2.1
solarwinds orion_platform 2020.2.4
solarwinds orion_platform 2019.2
solarwinds orion_platform 2019.4
CVE-2021-35213 HIGH

An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.9 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L 2.3 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-35214 LOW

The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N 1.0 3.6
psirt@solarwinds.com 4.8 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 0.4 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-613,

Products Affected

Vendor Product Version
solarwinds pingdom *
CVE-2021-35215 MEDIUM

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@solarwinds.com 8.9 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-35216 HIGH

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.9 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L 2.3 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
solarwinds patch_manager *
CVE-2021-35217 MEDIUM

Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@solarwinds.com 8.9 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
solarwinds patch_manager *
CVE-2021-35218 MEDIUM

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@solarwinds.com 8.9 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-35219 MEDIUM

ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
psirt@solarwinds.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 1.5 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-35220 MEDIUM

Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 1.7 5.8
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-35221 MEDIUM

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N 2.1 4.2
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-35222 MEDIUM

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L 2.1 5.3

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-35223 MEDIUM

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2021-35225 MEDIUM

Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds network_performance_monitor 2020.2.6
solarwinds network_performance_monitor *
CVE-2021-35226

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
solarwinds network_configuration_manager *
CVE-2021-35227 MEDIUM

The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@solarwinds.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-502,

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2021-35228 LOW

This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 1.6 2.7
psirt@solarwinds.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 2.1 3.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
solarwinds database_performance_analyzer 2021.3.7388
CVE-2021-35229 MEDIUM

Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N 2.2 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
solarwinds database_performance_monitor *
solarwinds database_performance_analyzer *
CVE-2021-35230 HIGH

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
solarwinds kiwi_cattools *
CVE-2021-35231 MEDIUM

As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,CWE-428,

Products Affected

Vendor Product Version
solarwinds kiwi_syslog_server *
CVE-2021-35232 LOW

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N 1.8 4.2
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 2.5 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
solarwinds webhelpdesk *
CVE-2021-35233 MEDIUM

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
psirt@solarwinds.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds kiwi_syslog_server *
CVE-2021-35234 MEDIUM

Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2020.2.6
CVE-2021-35235 MEDIUM

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
psirt@solarwinds.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-11,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds kiwi_syslog_server *
CVE-2021-35236 MEDIUM

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
psirt@solarwinds.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.6 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-614,CWE-311,

Products Affected

Vendor Product Version
solarwinds kiwi_syslog_server *
CVE-2021-35237 MEDIUM

A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 1.6 3.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,CWE-1021,

Products Affected

Vendor Product Version
solarwinds kiwi_syslog_server *
CVE-2021-35238 LOW

User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N 1.7 2.7
psirt@solarwinds.com 4.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2020.2.6
CVE-2021-35239 LOW

A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.5 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L 1.7 5.3
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2020.2.6
CVE-2021-35240 LOW

A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L 0.7 5.3
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2021-35242 MEDIUM

Serv-U server responds with valid CSRFToken when the request contains only Session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2021-35243 MEDIUM

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-749,NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds web_help_desk *
CVE-2021-35244 HIGH

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L 1.0 5.3
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2020.2.6
CVE-2021-35245 MEDIUM

When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N 2.3 4.0
psirt@solarwinds.com 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds serv-u 15.2.5
solarwinds serv-u *
solarwinds serv-u 15.2.4
CVE-2021-35246

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.

Products Affected

Vendor Product Version
solarwinds engineer's_toolset 2020.2.6
CVE-2021-35247 MEDIUM

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
psirt@solarwinds.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2021-35248 MEDIUM

It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.3 4.0
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2020.2.6
CVE-2021-35249 MEDIUM

This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2021-35250 MEDIUM

A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
psirt@solarwinds.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
solarwinds serv-u 15.3
CVE-2021-35251 MEDIUM

Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,CWE-209,

Products Affected

Vendor Product Version
solarwinds web_help_desk *
CVE-2021-35252

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2021-35254 MEDIUM

SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.2 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 1.8 5.8
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-Other,

Products Affected

Vendor Product Version
solarwinds webhelpdesk 12.7.8
solarwinds webhelpdesk *
CVE-2022-36957

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
psirt@solarwinds.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2022.3
solarwinds orion_platform 2020.2.6
solarwinds orion_platform 2022.2
CVE-2022-36958

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2022.3
solarwinds orion_platform 2020.2.6
solarwinds orion_platform 2022.2
CVE-2022-36960

SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2022.3
solarwinds orion_platform 2020.2.6
solarwinds orion_platform 2022.2
CVE-2022-36961

A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2022-36962

SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2022.3
solarwinds orion_platform 2020.2.6
solarwinds orion_platform 2022.2
CVE-2022-36963

The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2022-36964

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2022.3
solarwinds orion_platform 2020.2.6
solarwinds orion_platform 2022.2
CVE-2022-36965

Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2022-36966

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2022.3
solarwinds orion_platform 2020.2.6
solarwinds orion_platform 2022.2
CVE-2022-38106

This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.

Products Affected

Vendor Product Version
solarwinds serv-u 15.3.1
solarwinds serv-u 15.3.0
CVE-2022-38107

Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
psirt@solarwinds.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
solarwinds sql_sentry *
CVE-2022-38108

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform *
solarwinds orion_platform 2022.3
solarwinds orion_platform 2020.2.6
solarwinds orion_platform 2022.2
CVE-2022-38110

In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.

Products Affected

Vendor Product Version
solarwinds database_performance_analyzer *
CVE-2022-38111

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform 2022.4.1
CVE-2022-38112

In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.

Products Affected

Vendor Product Version
solarwinds database_performance_analyzer *
CVE-2022-38113

This vulnerability discloses build and services versions in the server response header.

Products Affected

Vendor Product Version
solarwinds security_event_manager 2022.4
CVE-2022-38114

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.

Products Affected

Vendor Product Version
solarwinds security_event_manager *
CVE-2022-38115

Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT

Products Affected

Vendor Product Version
solarwinds security_event_manager *
CVE-2022-47012

Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.

Products Affected

Vendor Product Version
solarwinds dynamips 0.2.21
CVE-2022-47503

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform 2022.4.1
CVE-2022-47504

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform 2022.4.1
CVE-2022-47505

The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2022-47506

SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform 2022.4.1
CVE-2022-47507

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform 2022.4.1
CVE-2022-47508

Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
solarwinds server_and_application_monitor 2022.4
CVE-2022-47509

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2022-47512

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected

Products Affected

Vendor Product Version
solarwinds solarwinds_platform 2022.4.0
CVE-2023-23836

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform 2022.4.1
CVE-2023-23837

No exception handling vulnerability which revealed sensitive or excessive information to users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
solarwinds database_performance_analyzer *
CVE-2023-23838

Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 4.0 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N 0.4 3.6

Products Affected

Vendor Product Version
solarwinds database_performance_analyzer *
CVE-2023-23839

The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.3 4.0

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2023-23840

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2023-23841

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.  Part of the URL of the request discloses sensitive data.

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2023-23842

The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
solarwinds network_configuration_monitor *
CVE-2023-23843

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2023-23844

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2023-23845

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
solarwinds orion_platform *
CVE-2023-33224

The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2023-33225

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2023-33226

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
solarwinds network_configuration_manager *
CVE-2023-33227

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds network_configuration_manager *
CVE-2023-33228

The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.9 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
solarwinds network_configuration_manager *
CVE-2023-33229

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N 1.6 1.4

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2023-33231

XSS attack was possible in DPA 2023.2 due to insufficient input validation

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
solarwinds database_performance_analyzer *
CVE-2023-35179

A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
psirt@solarwinds.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
solarwinds serv-u 15.4.0
CVE-2023-35180

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2023-35181

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@solarwinds.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2023-35182

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2023-35183

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2023-35184

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2023-35185

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2023-35186

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2023-35187

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2023-35188

SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2023-3622

Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 4.6 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.1 2.5

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2023-40053

A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N 3.1 1.4
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N 3.1 1.4

Products Affected

Vendor Product Version
solarwinds serv-u 15.4.0
CVE-2023-40054

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
solarwinds network_configuration_manager *
CVE-2023-40055

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds network_configuration_manager *
CVE-2023-40056

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2023-40057

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.0 CRITICAL CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2023-40058

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2023-40060

A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4.  SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
solarwinds serv-u 15.4.0
CVE-2023-40061

 Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2023-40062

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2023-50395

SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-0692

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
solarwinds security_event_manager *
CVE-2024-23465

The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.  

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.3 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 1.6 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23466

SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23467

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23468

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23469

SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23470

The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23471

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23472

SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23473

The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 3.9 4.7

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23474

The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23475

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23476

The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23477

The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.9 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.2 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23478

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-23479

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-28072

A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L 0.9 4.7

Products Affected

Vendor Product Version
solarwinds serv-u 15.4.2
solarwinds serv-u *
CVE-2024-28073

SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.7 6.0

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2024-28074

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-28075

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.0 CRITICAL CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-28076

The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.0 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L 1.2 5.3

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-28986

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.   However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
solarwinds web_help_desk *
solarwinds web_help_desk 12.8.3
CVE-2024-28987

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
solarwinds web_help_desk *
solarwinds web_help_desk 12.8.3
CVE-2024-28988

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.  We recommend all Web Help Desk customers apply the patch, which is now available.  We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
solarwinds web_help_desk *
solarwinds web_help_desk 12.8.3
CVE-2024-28989

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
solarwinds web_help_desk *
CVE-2024-28990

SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-28991

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.0 CRITICAL CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-28992

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-28993

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
solarwinds access_rights_manager *
CVE-2024-28995

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
solarwinds serv-u 15.4.2
solarwinds serv-u *
CVE-2024-28996

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.  

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-28999

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 6.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L 1.6 4.7

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-29000

The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.9 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.2 6.0

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-29001

A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.5 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L 1.7 5.3

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-29003

The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.5 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L 1.7 5.3

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-29004

The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L 1.2 5.3

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-45709

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
psirt@solarwinds.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
solarwinds web_help_desk *
CVE-2024-45712

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
psirt@solarwinds.com 2.6 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N 1.2 1.4

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2024-45713

SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L 0.3 4.7

Products Affected

Vendor Product Version
solarwinds kiwi_cattools *
CVE-2024-45715

The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L 1.2 5.3

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-45717

The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L 1.5 5.5

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-52606

SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@solarwinds.com 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.1 1.4

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-52611

The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.1 1.4

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2024-52612

SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
psirt@solarwinds.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
solarwinds solarwinds_platform *
CVE-2025-26391

SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
solarwinds observability_self-hosted *
CVE-2025-26392

SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
solarwinds observability_self-hosted *
CVE-2025-26394

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 4.8 MEDIUM CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
solarwinds observability_self-hosted *
CVE-2025-26395

SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L 1.2 5.3

Products Affected

Vendor Product Version
solarwinds observability_self-hosted *
CVE-2025-26397

SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication from a low-level account and local access to the host server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
solarwinds observability_self-hosted *
CVE-2025-26398

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N 0.3 5.2

Products Affected

Vendor Product Version
solarwinds database_performance_analyzer *
CVE-2025-26399

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
solarwinds web_help_desk 12.8.7
solarwinds web_help_desk *
CVE-2025-26400

SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
solarwinds web_help_desk *
CVE-2025-40536

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
solarwinds web_help_desk *
CVE-2025-40537

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
solarwinds web_help_desk *
CVE-2025-40538

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2025-40539

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2025-40540

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2025-40541

An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2025-40545

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 4.8 MEDIUM CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
solarwinds observability_self-hosted *
CVE-2025-40547

A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2025-40548

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2025-40549

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
solarwinds serv-u *
CVE-2025-40551

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
solarwinds web_help_desk *
CVE-2025-40552

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
solarwinds web_help_desk *
CVE-2025-40553

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
solarwinds web_help_desk *
CVE-2025-40554

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@solarwinds.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
solarwinds web_help_desk *