Known Vulnerabilities for products from SolarWinds
Listed below are 20 of the newest known vulnerabilities associated with the vendor "SolarWinds".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs. Each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-28298 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when expl... | Not Provided | 2026-03-26 | 2026-03-31 |
| CVE-2026-28297 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when expl... | Not Provided | 2026-03-26 | 2026-03-31 |
| CVE-2021-35254 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-03-25 | 2023-06-26 |
| CVE-2021-35252 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-12-16 | 2023-08-03 |
| CVE-2021-35251 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-03-10 | 2022-03-15 |
| CVE-2021-35250 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-04-25 | 2023-08-03 |
| CVE-2021-35249 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.3 - MEDIUM | 2022-05-17 | 2022-10-27 |
| CVE-2021-35248 | It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and... | 4.3 - MEDIUM | 2021-12-20 | 2023-08-03 |
| CVE-2021-35247 | Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has u... | 5.3 - MEDIUM | 2022-01-10 | 2022-02-10 |
| CVE-2021-35246 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-11-23 | 2023-08-03 |
| CVE-2021-35245 | When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the... | 6.8 - MEDIUM | 2021-12-06 | 2022-10-27 |
| CVE-2021-35244 | The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights ... | 7.2 - HIGH | 2021-12-20 | 2022-03-17 |
| CVE-2021-35243 | The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute ... | 7.5 - HIGH | 2021-12-23 | 2022-01-07 |
| CVE-2021-35242 | Serv-U server responds with valid CSRFToken when the request contains only Session. | 8.8 - HIGH | 2021-12-06 | 2021-12-07 |
| CVE-2021-35240 | A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do n... | 4.8 - MEDIUM | 2021-08-31 | 2021-09-09 |
| CVE-2021-35239 | A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. | 5.4 - MEDIUM | 2021-08-31 | 2021-09-08 |
| CVE-2021-35238 | User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. | 4.8 - MEDIUM | 2021-09-01 | 2021-09-09 |
| CVE-2021-35237 | A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is... | 4.3 - MEDIUM | 2021-10-29 | 2023-08-03 |
| CVE-2021-35236 | The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells th... | 5.3 - MEDIUM | 2021-10-27 | 2022-10-27 |
| CVE-2021-35235 | The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debu... | 5.3 - MEDIUM | 2021-10-27 | 2021-10-28 |
Known software with vulnerabilities from SolarWinds
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Solarwinds | Advanced Monitoring Agent | - |
| Application | Solarwinds | Advanced Subnet Calculator | 9.1 |
| Application | Solarwinds | Collector | 2.2.1.0 |
| Application | Solarwinds | Dameware | 12.1 |
| Application | Solarwinds | Dameware Mini Remote Control | 4.5.0.0 |
| Application | Solarwinds | Dameware Mini Remote Control Client Agent Service | 6.9.0.0 |
| Application | Solarwinds | Dameware Remote Support | 4.5.0.0 |
| Application | Solarwinds | Damewire Mini Remote Control | 10.0 |
| Application | Solarwinds | Database Performance Analyzer | 11.1.457 |
| Application | Solarwinds | Engineers Edition | solarwinds_engineers_edition |
| Application | Solarwinds | Exchange Monitor | 1.0.1.30 |
| Application | Solarwinds | Firewall Security Manager | 6.6.5 |
| Application | Solarwinds | Ftp Voyager | 16.2.0 |
| Application | Solarwinds | Information Service | 2.5.1 |
| Application | Solarwinds | Integrated Virtual Infrastructure Monitor | 1.1.674.0 |
| Application | Solarwinds | Ip Address Manager Web Interface | 3.0 |
| Application | Solarwinds | Ipmonitor | 8.50.1158.3 |
| Application | Solarwinds | Job Engine | 1.5.2.0 |
| Application | Solarwinds | Kiwi Cattools | 3.6.0__\(service_edition\) |
| Application | Solarwinds | Log And Event Manager | 6.1 |