SolarWinds IT Management Software and Remote Monitoring Tools
Products by SolarWinds Sorted by Most Security Vulnerabilities since 2018
Known Exploited SolarWinds Vulnerabilities
The following SolarWinds vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
SolarWinds Serv-U Improper Input Validation Vulnerability | SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability which allows attackers to build and send queries without sanitization. CVE-2021-35247 | January 21, 2022 |
SolarWinds Orion API Authentication Bypass Vulnerability | The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. CVE-2020-10148 | November 3, 2021 |
SolarWinds Serv-U Remote Memory Escape Vulnerability | Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. CVE-2021-35211 | November 3, 2021 |
SolarWinds Virtualization Manager Privilege Escalation Vulnerability | SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." CVE-2016-3643 | November 3, 2021 |
By the Year
In 2023 there have been 27 vulnerabilities in SolarWinds with an average score of 6.9 out of ten. Last year SolarWinds had 23 security vulnerabilities published. That is, 4 more vulnerabilities have already been reported in 2023 as compared to last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.25.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 27 | 6.87 |
2022 | 23 | 6.62 |
2021 | 49 | 7.04 |
2020 | 29 | 7.08 |
2019 | 14 | 7.51 |
2018 | 5 | 8.10 |
It may take a day or so for new SolarWinds vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SolarWinds Security Vulnerabilities
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability
CVE-2023-23845
7.2 - High
- September 13, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
Incorrect Comparison
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability
CVE-2023-23840
7.2 - High
- September 13, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
Incorrect Comparison
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1
CVE-2023-40060
7.2 - High
- September 07, 2023
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1.
Authorization
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication
CVE-2023-35179
7.2 - High
- August 11, 2023
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.
Authorization
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability
CVE-2023-33229
3.5 - Low
- July 26, 2023
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.
Code Injection
The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability
CVE-2023-23842
7.2 - High
- July 26, 2023
The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.
Directory traversal
Access Control Bypass Vulnerability in the SolarWinds Platform
CVE-2023-3622
4.3 - Medium
- July 26, 2023
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource
Authorization
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability
CVE-2023-23844
7.2 - High
- July 26, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
Incorrect Comparison
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability
CVE-2023-33224
7.2 - High
- July 26, 2023
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability
CVE-2023-23843
7.2 - High
- July 26, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.
Incorrect Comparison
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability
CVE-2023-33225
7.2 - High
- July 26, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
AuthZ
XSS attack was possible in DPA 2023.2 due to insufficient input validation
CVE-2023-33231
6.1 - Medium
- July 18, 2023
XSS attack was possible in DPA 2023.2 due to insufficient input validation
XSS
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request
CVE-2023-23841
7.5 - High
- June 15, 2023
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.? Part of the URL of the request discloses sensitive data.
Cleartext Transmission of Sensitive Information
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability
CVE-2023-23839
6.5 - Medium
- April 25, 2023
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability
CVE-2022-47505
7.8 - High
- April 21, 2023
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
Improper Privilege Management
The SolarWinds Platform was susceptible to the Command Injection Vulnerability
CVE-2022-36963
7.2 - High
- April 21, 2023
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.
Code Injection
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability
CVE-2022-47509
6.1 - Medium
- April 21, 2023
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.
XSS
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data
CVE-2023-23836
7.2 - High
- February 15, 2023
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.
Marshaling, Unmarshaling
Customers who had configured their polling to occur
CVE-2022-47508
7.5 - High
- February 15, 2023
Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-47507
7.2 - High
- February 15, 2023
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Marshaling, Unmarshaling
SolarWinds Platform was susceptible to the Directory Traversal Vulnerability
CVE-2022-47506
7.8 - High
- February 15, 2023
SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.
Directory traversal
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-47504
7.2 - High
- February 15, 2023
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Marshaling, Unmarshaling
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-47503
7.2 - High
- February 15, 2023
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Marshaling, Unmarshaling
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-38111
7.2 - High
- February 15, 2023
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Marshaling, Unmarshaling
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.
CVE-2022-47012
7.5 - High
- January 20, 2023
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.
Use of Uninitialized Resource
In DPA 2022.4 and older releases
CVE-2022-38112
7.5 - High
- January 20, 2023
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
Cleartext Storage of Sensitive Information
In Database Performance Analyzer (DPA) 2022.4 and older releases
CVE-2022-38110
5.4 - Medium
- January 20, 2023
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
XSS
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server
CVE-2021-35252
7.5 - High
- December 16, 2022
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.
authentification
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1
CVE-2022-38106
5.4 - Medium
- December 16, 2022
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.
XSS
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-36964
8.8 - High
- November 29, 2022
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Marshaling, Unmarshaling
SolarWinds Platform was susceptible to Command Injection
CVE-2022-36962
7.2 - High
- November 29, 2022
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
Command Injection
SolarWinds Platform was susceptible to Improper Input Validation
CVE-2022-36960
8.8 - High
- November 29, 2022
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
authentification
Insecure method vulnerability in which allowed HTTP methods are disclosed
CVE-2022-38115
5.3 - Medium
- November 23, 2022
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT
Interpretation Conflict
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests
CVE-2022-38114
6.1 - Medium
- November 23, 2022
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
XSS
This vulnerability discloses build and services versions in the server response header.
CVE-2022-38113
5.3 - Medium
- November 23, 2022
This vulnerability discloses build and services versions in the server response header.
Information Disclosure
The application fails to prevent users from connecting to it over unencrypted connections
CVE-2021-35246
5.3 - Medium
- November 23, 2022
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.
Cleartext Transmission of Sensitive Information
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-38108
7.2 - High
- October 20, 2022
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Marshaling, Unmarshaling
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
CVE-2022-36966
5.4 - Medium
- October 20, 2022
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
Insecure Direct Object Reference / IDOR
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-36958
8.8 - High
- October 20, 2022
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Marshaling, Unmarshaling
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-36957
7.2 - High
- October 20, 2022
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Marshaling, Unmarshaling
Sensitive information could be displayed when a detailed technical error message is posted
CVE-2022-38107
5.3 - Medium
- October 19, 2022
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details.
Generation of Error Message Containing Sensitive Information
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS)
CVE-2021-35226
6.5 - Medium
- October 10, 2022
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.
Inadequate Encryption Strength
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack
CVE-2022-36965
6.1 - Medium
- September 30, 2022
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).
XSS
A vulnerable component of Orion Platform was vulnerable to SQL Injection
CVE-2022-36961
8.8 - High
- September 30, 2022
A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.
SQL Injection
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains
CVE-2021-35249
4.3 - Medium
- May 17, 2022
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3
CVE-2021-35250
7.5 - High
- April 25, 2022
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
Directory traversal
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
CVE-2021-35229
6.1 - Medium
- April 21, 2022
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
XSS
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk
CVE-2021-35254
8.8 - High
- March 25, 2022
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.
Sensitive information could be displayed when a detailed technical error message is posted
CVE-2021-35251
5.3 - Medium
- March 10, 2022
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.
Generation of Error Message Containing Sensitive Information
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized
CVE-2021-35247
5.3 - Medium
- January 10, 2022
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.
Improper Input Validation
Hard coded credentials discovered in SolarWinds Web Help Desk product
CVE-2021-35232
6.1 - Medium
- December 27, 2021
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.
Use of Hard-coded Credentials
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier)
CVE-2021-35243
7.5 - High
- December 23, 2021
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation
CVE-2021-35234
8.8 - High
- December 20, 2021
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.
SQL Injection
Serv-U server responds with valid CSRFToken when the request contains only Session.
CVE-2021-35242
8.8 - High
- December 06, 2021
Serv-U server responds with valid CSRFToken when the request contains only Session.
Session Riding
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking
CVE-2021-35237
4.3 - Medium
- October 29, 2021
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server.
Clickjacking
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier
CVE-2021-35233
5.3 - Medium
- October 27, 2021
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies.
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions
CVE-2021-35236
5.3 - Medium
- October 27, 2021
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text.
Missing Encryption of Sensitive Data
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions
CVE-2021-35235
5.3 - Medium
- October 27, 2021
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent.
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard
CVE-2021-35231
6.7 - Medium
- October 25, 2021
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".
Unquoted Search Path or Element
As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard
CVE-2021-35230
6.7 - Medium
- October 22, 2021
As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.
Directory traversal
This vulnerability occurred due to missing input sanitization for one of the output fields
CVE-2021-35228
4.7 - Medium
- October 21, 2021
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim.
XSS
Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all
CVE-2021-35225
6.4 - Medium
- October 21, 2021
Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination.
The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.
CVE-2021-35227
7.8 - High
- October 21, 2021
The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.
Marshaling, Unmarshaling
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change
CVE-2021-35214
4.7 - Medium
- October 12, 2021
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021.
Insufficient Session Expiration
Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI
CVE-2021-35217
8.8 - High
- September 08, 2021
Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
Marshaling, Unmarshaling
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution
CVE-2021-35218
8.8 - High
- September 01, 2021
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server
Marshaling, Unmarshaling
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5
CVE-2021-35215
8.8 - High
- September 01, 2021
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
Marshaling, Unmarshaling
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module
CVE-2021-35216
8.8 - High
- September 01, 2021
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
Marshaling, Unmarshaling
User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.
CVE-2021-35238
4.8 - Medium
- September 01, 2021
User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.
XSS
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team
CVE-2021-35212
8.8 - High
- August 31, 2021
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.
SQL Injection
A security researcher found a user with Orion map manage rights could store XSS through
CVE-2021-35239
5.4 - Medium
- August 31, 2021
A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.
XSS
The Serv-U File Server allows for events such as user login failures to be audited by executing a command
CVE-2021-35223
8.8 - High
- August 31, 2021
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
CVE-2021-35219
4.9 - Medium
- August 31, 2021
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE)
CVE-2021-35220
7.2 - High
- August 31, 2021
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
Command Injection
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2
CVE-2021-32076
5.3 - Medium
- August 26, 2021
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
Authentication Bypass by Spoofing
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1
CVE-2021-28674
5.4 - Medium
- July 30, 2021
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform.
Use of Insufficiently Random Values
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability
CVE-2021-35211
10 - Critical
- July 14, 2021
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
Memory Corruption
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions
CVE-2021-31217
9.1 - Critical
- July 13, 2021
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
Incorrect Default Permissions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1
CVE-2021-31474
9.8 - Critical
- May 21, 2021
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213.
Marshaling, Unmarshaling
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2
CVE-2021-31475
8.8 - High
- May 21, 2021
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF service configuration, which allows a critical resource to be accessed by unprivileged users. An attacker can leverage this vulnerability to execute code in the context of an administrator. Was ZDI-CAN-12007.
Incorrect Permission Assignment for Critical Resource
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS
CVE-2021-32604
5.4 - Medium
- May 11, 2021
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
XSS
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS)
CVE-2021-25179
6.1 - Medium
- May 05, 2021
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
XSS
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS)
CVE-2020-22428
4.8 - Medium
- May 05, 2021
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
XSS
An issue was discovered in SolarWinds Serv-U before 15.2.2
CVE-2021-3154
7.5 - High
- May 04, 2021
An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.
Injection
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2
CVE-2021-27277
7.8 - High
- April 22, 2021
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the OneTimeJobSchedulerEventsService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11955.
Marshaling, Unmarshaling
This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2
CVE-2021-27258
9.8 - Critical
- April 14, 2021
This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate privileges their privileges from Guest to Administrator. Was ZDI-CAN-11903.
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1
CVE-2021-27240
7.8 - High
- March 29, 2021
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DataGridService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. Was ZDI-CAN-12009.
Marshaling, Unmarshaling
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5
CVE-2021-3109
4.8 - Medium
- March 26, 2021
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
SolarWinds Orion Platform before 2020.2.5
CVE-2020-35856
4.8 - Medium
- March 26, 2021
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
XSS
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1
CVE-2020-27869
8.8 - High
- February 12, 2021
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804.
SQL Injection
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1
CVE-2020-27870
6.5 - Medium
- February 10, 2021
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11917.
Directory traversal
This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1
CVE-2020-27871
7.2 - High
- February 10, 2021
This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within VulnerabilitySettings.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11902.
Directory traversal
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues
CVE-2021-25274
9.8 - Critical
- February 03, 2021
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.
Marshaling, Unmarshaling
SolarWinds Orion Platform before 2020.2.4
CVE-2021-25275
7.8 - High
- February 03, 2021
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.
Use of Hard-coded Credentials
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (
CVE-2021-25276
7.1 - High
- February 03, 2021
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C:\ home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges.
Incorrect Permission Assignment for Critical Resource
SolarWinds Serv-U before 15.2.2
CVE-2020-27994
6.5 - Medium
- February 03, 2021
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
Directory traversal
SolarWinds Serv-U before 15.2.2
CVE-2020-28001
5.4 - Medium
- February 03, 2021
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
XSS
SolarWinds Serv-U before 15.2.2
CVE-2020-35481
9.8 - Critical
- February 03, 2021
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.
SolarWinds Serv-U before 15.2.2
CVE-2020-35482
5.4 - Medium
- February 03, 2021
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
XSS
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
CVE-2020-10148
9.8 - Critical
- December 29, 2020
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
authentification