Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

SolarWinds — Vulnerabilities & Security Advisories 166

Browse all 166 CVE security advisories affecting SolarWinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products SolarWinds:Access Rights ManagerSolarWinds PlatformOrion PlatformWeb Help DeskServ-USolarWinds Observability Self-HostedKiwi Syslog ServerPatch ManagerDatabase Performance AnalyzerNetwork Configuration ManagerNetwork Performance MonitorDatabase Performance Analyzer (DPA)ServUSolarWinds Platform Kiwi CatToolsSolarWindsSolarWinds Serv-UDPAKiwi Syslog NGService DeskHybrid Cloud Observability (HCO)/ SolarWinds PlatformServer & Application Monitor (SAM)Dameware Mini Remote Control ServiceObservability Self-HostedSQL SentryServ-U File ServerWebHelpDeskServ-U FTP ServerOrionEngineer's Toolset
CVE IDTitleCVSSSeverityPaused
CVE-2021-35229 Cross-Site Scripting Vulnerability using SQL Query — Database Performance MonitorCWE-79 6.8 Medium2022-04-21
CVE-2021-35254 Authenticated Remote Code Execution in WebHelpDesk 12.7.8 — WebHelpDeskCWE-20 8.2 High2022-03-25
CVE-2021-35251 Sensitive Data Disclosure Vulnerability — Web Help DeskCWE-209 5.3 Medium2022-03-09
CVE-2021-35247 Improper Input Validation Vulnerability in Serv-U — Serv-UCWE-20 4.3 Medium2022-01-07
CVE-2021-35232 Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries — Web Help DeskCWE-798 6.8 Medium2021-12-27
CVE-2021-35243 HTTP PUT & DELETE Methods Enabled — Web Help DeskCWE-749 5.3 Medium2021-12-23
CVE-2021-35234 Exposed Dangerous Functions - Privileged Escalation — Orion CoreCWE-89 8.0 High2021-12-20
CVE-2021-35244 Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6 — Orion Platform 6.8 Medium2021-12-20
CVE-2021-35248 Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users — OrionCWE-732 6.8 Medium2021-12-20
CVE-2021-35242 A valid CSRF token is present in response to an invalid request — Serv-U ServerCWE-352 8.3 High2021-12-06
CVE-2021-35245 Broken Access Control Vulnerability for SolarWinds Serv-U — Serv-U FTPCWE-284 8.4 High2021-12-06
CVE-2021-35237 Clickjacking Vulnerability — Kiwi Syslog ServerCWE-1021 5.0 Medium2021-10-29
CVE-2021-35236 Missing Secure Flag From SSL Cookie — Kiwi Syslog ServerCWE-614 3.1 Low2021-10-27
CVE-2021-35235 ASP.NET Debug Feature Enabled — Kiwi Syslog ServerCWE-11 5.3 Medium2021-10-27
CVE-2021-35233 HTTP TRACK & TRACE Methods Enabled — Kiwi Syslog ServerCWE-16 5.3 Medium2021-10-27
CVE-2021-35231 Unquoted Path (SMB Login) Vulnerability — Kiwi Syslog ServerCWE-428 6.7 Medium2021-10-25
CVE-2021-35230 Unquoted Path Vulnerability (SMB Login) in Kiwi CatTools — Kiwi CatToolsCWE-22 6.7 Medium2021-10-22
CVE-2021-35228 Reflected cross site scripting affecting SolarWinds: DPA 2021.3.7388 — SolarWinds 5.5 Medium2021-10-21
CVE-2021-35227 Insecure Web Configuration for RabbitMQ Management Plugin in SolarWinds ARM — Access Rights ManagerCWE-79 4.7 Medium2021-10-21
CVE-2021-35225 Netpath Horizontal Privilege Escalation Vulnerability: NPM 2020.2.5 — NPM 5.0 Medium2021-10-21
CVE-2021-35214 Session Management Vulnerability — Pingdom 4.8 Medium2021-10-12
CVE-2021-35217 Insecure Deserialization of untrusted data causing Remote code execution vulnerability. — Orion Platform 8.9 High2021-09-08
CVE-2021-35218 Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability — Patch ManagerCWE-502 8.9 High2021-09-01
CVE-2021-35216 Deserialization of Untrusted Data in Resource Controls Remote Code Execution — Patch ManagerCWE-502 8.9 High2021-09-01
CVE-2021-35215 ActionPluginBaseView Deserialization of Untrusted Data RCE — Orion PlatformCWE-502 8.9 High2021-09-01
CVE-2021-35238 Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability — Orion PlatformCWE-79 4.8 Medium2021-09-01
CVE-2021-35212 Blind SQL injection Vulnerability — Orion Platform 8.9 High2021-08-31
CVE-2021-35223 Execute Command Function Allows Remote Code Execution (RCE)Vulnerability — Serv-UCWE-20 8.5 High2021-08-31
CVE-2021-35213 Orion User setting Improper Access Control Privilege Escalation Vulnerability — Orion PlatformCWE-284 8.9 High2021-08-31
CVE-2021-35240 Stored XSS via Help Server settings — Orion PlatformCWE-79 6.5 Medium2021-08-31

This page lists every published CVE security advisory associated with SolarWinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.