← Back

Solarwinds

solarwinds

317 CVEs • 57 products

Products (57)

Click to collapse
Toggle
Orion Platform
orion_platform
49 CVEs
Serv U
serv-u
39 CVEs
Access Rights Manager
access_rights_manager
32 CVEs
Solarwinds Platform
solarwinds_platform
27 CVEs
Serv U File Server
serv-u_file_server
20 CVEs
Web Help Desk
web_help_desk
20 CVEs
Serv U Ftp Server
serv-u_ftp_server
11 CVEs
Database Performance Analyzer
database_performance_analyzer
10 CVEs
Orion Network Performance Monitor
orion_network_performance_monitor
9 CVEs
N Central
n-central
9 CVEs
Network Performance Monitor
network_performance_monitor
8 CVEs
Observability Self Hosted
observability_self-hosted
8 CVEs
Dameware Mini Remote Control
dameware_mini_remote_control
7 CVEs
Network Configuration Manager
network_configuration_manager
7 CVEs
Tftp Server
tftp_server
6 CVEs
Webhelpdesk
webhelpdesk
6 CVEs
Log And Event Manager
log_and_event_manager
5 CVEs
Kiwi Syslog Server
kiwi_syslog_server
5 CVEs
Orion Web Performance Monitor
orion_web_performance_monitor
4 CVEs
Security Event Manager
security_event_manager
4 CVEs
Server And Application Monitor
server_and_application_monitor
3 CVEs
Storage Manager
storage_manager
3 CVEs
Virtualization Manager
virtualization_manager
3 CVEs
Log & Event Manager
log_&_event_manager
3 CVEs
Patch Manager
patch_manager
3 CVEs
Ftp Voyager
ftp_voyager
2 CVEs
Sftp/scp Server
sftp/scp_server
2 CVEs
Serv U Mft Server
serv-u_mft_server
2 CVEs
Netpath
netpath
2 CVEs
Kiwi Cattools
kiwi_cattools
2 CVEs
Ip Address Manager Web Interface
ip_address_manager_web_interface
1 CVE
Dameware Remote Support
dameware_remote_support
1 CVE
Orion Ip Address Manager
orion_ip_address_manager
1 CVE
Orion Netflow Traffic Analyzer
orion_netflow_traffic_analyzer
1 CVE
Orion Network Configuration Manager
orion_network_configuration_manager
1 CVE
Orion Server And Application Manager
orion_server_and_application_manager
1 CVE
Orion User Device Tracker
orion_user_device_tracker
1 CVE
Orion Voip & Network Quality Manager
orion_voip_&_network_quality_manager
1 CVE
Firewall Security Manager
firewall_security_manager
1 CVE
N Able N Central
n-able_n-central
1 CVE
Storage Resource Monitor
storage_resource_monitor
1 CVE
Backup Profiler
backup_profiler
1 CVE
Storage Profiler
storage_profiler
1 CVE
Network Performance Monitor Orion Platform 2018 Netpath
network_performance_monitor_orion_platform_2018_netpath
1 CVE
Network Performance Monitor Orion Platform 2018 Npm
network_performance_monitor_orion_platform_2018_npm
1 CVE
Serv U Managed File Transfer
serv-u_managed_file_transfer
1 CVE
Dameware
dameware
1 CVE
Managed Service Provider Patch Management Engine
managed_service_provider_patch_management_engine
1 CVE
Advanced Monitoring Agent
advanced_monitoring_agent
1 CVE
Help Desk
help_desk
1 CVE
Orion Job Scheduler
orion_job_scheduler
1 CVE
Pingdom
pingdom
1 CVE
Database Performance Monitor
database_performance_monitor
1 CVE
Sql Sentry
sql_sentry
1 CVE
Engineer's Toolset
engineer's_toolset
1 CVE
Dynamips
dynamips
1 CVE
Network Configuration Monitor
network_configuration_monitor
1 CVE

CVEs (317)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-38112
1Solarwinds
1Database Performance Analyzer
Nov 21, 2024
Jan 20, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
CVE-2022-38110
1Solarwinds
1Database Performance Analyzer
Nov 21, 2024
Jan 20, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
CVE-2022-47512
1Solarwinds
1Solarwinds Platform
Nov 21, 2024
Dec 19, 2022
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected
CVE-2022-38106
1Solarwinds
1Serv U
Feb 25, 2026
Dec 16, 2022
N/A· v4
5.4 MEDIUM· v3
N/A· v2
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.
CVE-2021-35252
1Solarwinds
1Serv U
Nov 21, 2024
Dec 16, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.
CVE-2022-36964
1Solarwinds
1Orion Platform
Nov 21, 2024
Nov 29, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-36962
1Solarwinds
1Orion Platform
Nov 21, 2024
Nov 29, 2022
N/A· v4
7.2 HIGH· v3
N/A· v2
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
CVE-2022-36960
1Solarwinds
1Orion Platform
Nov 21, 2024
Nov 29, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
CVE-2022-38115
1Solarwinds
1Security Event Manager
Nov 21, 2024
Nov 23, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT
CVE-2022-38114
1Solarwinds
1Security Event Manager
Nov 21, 2024
Nov 23, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
CVE-2022-38113
1Solarwinds
1Security Event Manager
Nov 21, 2024
Nov 23, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
This vulnerability discloses build and services versions in the server response header.
CVE-2021-35246
1Solarwinds
1Engineer's Toolset
Nov 21, 2024
Nov 23, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use t...Show more
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.Show less
CVE-2022-38108
1Solarwinds
1Orion Platform
May 8, 2025
Oct 20, 2022
N/A· v4
7.2 HIGH· v3
N/A· v2
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-36966
1Solarwinds
1Orion Platform
May 7, 2025
Oct 20, 2022
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous...Show more
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.Show less
CVE-2022-36958
1Solarwinds
1Orion Platform
Nov 21, 2024
Oct 20, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-36957
1Solarwinds
1Orion Platform
Nov 21, 2024
Oct 20, 2022
N/A· v4
7.2 HIGH· v3
N/A· v2
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-38107
1Solarwinds
1Sql Sentry
Nov 21, 2024
Oct 19, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details.
CVE-2021-35226
1Solarwinds
1Network Configuration Manager
Feb 24, 2026
Oct 10, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM rol...Show more
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.Show less
CVE-2022-36965
1Solarwinds
1Solarwinds Platform
May 20, 2025
Sep 30, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).
CVE-2022-36961
1Solarwinds
1Orion Platform
Nov 21, 2024
Sep 30, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.