Solarwinds Security Vulnerabilities (CVEs)

Track 81 security vulnerabilities affecting Solarwinds products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

27 Critical

44 High

10 Medium

Sort by:

🔔 Get Alerts for Solarwinds

CVE-2023-40062 8.0

This vulnerability in SolarWinds Platform allows a low-privileged authenticated user to execute arbitrary code with SYSTEM privileges due to incomplet...

Nov 1, 2023

CVE-2023-35182 8.8

CVE-2023-35182 is a remote code execution vulnerability in SolarWinds Access Rights Manager that allows unauthenticated attackers to execute arbitrary...

Oct 19, 2023

CVE-2023-35184 8.8

CVE-2023-35184 is a remote code execution vulnerability in SolarWinds Access Rights Manager that allows unauthenticated attackers to execute arbitrary...

Oct 19, 2023

CVE-2023-35186 8.0

This vulnerability allows authenticated users of SolarWinds Access Rights Manager to execute arbitrary code remotely by abusing SolarWinds services. I...

Oct 19, 2023

CVE-2023-35180 8.0

CVE-2023-35180 is a remote code execution vulnerability in SolarWinds Access Rights Manager that allows authenticated users to execute arbitrary code ...

Oct 19, 2023

CVE-2023-40060 7.2

This vulnerability allows administrators with existing access to bypass multi-factor authentication in Serv-U FTP server software. Attackers who alrea...

Sep 7, 2023

CVE-2023-35179 7.2

This vulnerability allows attackers with administrator access to Serv-U to bypass multi-factor authentication (MFA/2FA). It affects Serv-U 15.4 instal...

Aug 11, 2023

CVE-2023-23842 7.2

CVE-2023-23842 is a directory traversal vulnerability in SolarWinds Network Configuration Manager that allows authenticated administrative users to ex...

Jul 26, 2023

CVE-2023-23844 7.2

CVE-2023-23844 is an incorrect comparison vulnerability in SolarWinds Platform that allows authenticated administrators to execute arbitrary commands ...

Jul 26, 2023

CVE-2023-33224 7.2

This vulnerability allows administrators of SolarWinds Platform to execute arbitrary commands with NETWORK SERVICE privileges due to incorrect behavio...

Jul 26, 2023

CVE-2022-36963 7.2

This command injection vulnerability in SolarWinds Platform allows authenticated administrators to execute arbitrary system commands. Attackers with c...

Apr 21, 2023

CVE-2022-47506 7.8

CVE-2022-47506 is a directory traversal vulnerability in SolarWinds Platform that allows authenticated local attackers to modify default configuration...

Feb 15, 2023

CVE-2022-47508 7.5

This vulnerability in SolarWinds SAM occurs when polling via IP address forces NTLM authentication instead of the expected Kerberos, potentially expos...

Feb 15, 2023

CVE-2022-47503 7.2

This vulnerability in SolarWinds Platform allows remote attackers with Orion admin-level account access to execute arbitrary commands through deserial...

Feb 15, 2023

CVE-2021-35226 6.5

SolarWinds Network Configuration Manager (NCM) exposes encrypted password fields through the SolarWinds Information Service (SWIS) to authenticated us...

Oct 10, 2022

CVE-2021-35250 7.5

CVE-2021-35250 is a directory traversal vulnerability in SolarWinds Serv-U FTP server that allows attackers to access files outside the intended direc...

Apr 25, 2022

CVE-2021-35234 8.0

This vulnerability in SolarWinds Orion Core allows authenticated low-privilege users to perform SQL injection attacks through exposed dangerous functi...

Dec 20, 2021

CVE-2021-35242 8.3

This vulnerability in SolarWinds Serv-U is a Cross-Site Request Forgery (CSRF) flaw where the server improperly validates CSRF tokens when requests co...

Dec 6, 2021

CVE-2021-35215 8.9

This vulnerability allows authenticated attackers to execute arbitrary code on SolarWinds Orion Platform servers through insecure deserialization. It ...

Sep 1, 2021

CVE-2021-35218 8.9

This vulnerability allows remote code execution through deserialization of untrusted data in the SolarWinds Orion Patch Manager Web Console. An attack...

Sep 1, 2021

CVE-2021-35212 8.9

CVE-2021-35212 is a blind Boolean SQL injection vulnerability in SolarWinds Orion Platform that allows authenticated users to escalate privileges and ...

Aug 31, 2021

CVE-2021-35223 8.5

CVE-2021-35223 is a remote code execution vulnerability in SolarWinds Serv-U File Server where user-supplied parameters in audit command execution can...

Aug 31, 2021

CVE-2021-35222 8.0

CVE-2021-35222 is a reflected cross-site scripting (XSS) vulnerability in SolarWinds Orion Platform that allows attackers to impersonate authenticated...

Aug 31, 2021

CVE-2021-35220 8.1

CVE-2021-35220 is a command injection vulnerability in SolarWinds Orion Platform's EmailWebPage API that allows attackers to execute arbitrary command...

Aug 31, 2021

CVE-2021-35211 9.0

This is a critical remote code execution vulnerability in SolarWinds Serv-U products that allows attackers to execute arbitrary code with SYSTEM privi...

Jul 14, 2021

CVE-2021-31217 9.1

This vulnerability in SolarWinds DameWare Mini Remote Control Server allows attackers with local access to delete files with SYSTEM privileges due to ...

Jul 13, 2021

CVE-2021-31474 9.8

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges on SolarWinds Network Performance Monitor ...

May 21, 2021

CVE-2021-27277 7.8

This vulnerability allows local attackers with low-privileged access to escalate privileges to SYSTEM level via insecure deserialization in SolarWinds...

Apr 22, 2021

CVE-2021-27258 9.8

This vulnerability allows unauthenticated remote attackers to escalate privileges from Guest to Administrator on SolarWinds Orion Platform installatio...

Apr 14, 2021

CVE-2021-25274 9.8

This vulnerability allows remote unauthenticated attackers to send malicious messages to SolarWinds Orion's Collector Service on TCP port 1801, which ...

Feb 3, 2021

CVE-2020-10148 9.8

CVE-2020-10148 is an authentication bypass vulnerability in SolarWinds Orion API that allows remote attackers to execute arbitrary API commands withou...

Dec 29, 2020

← Previous Page 2 of 2

Why Monitor Solarwinds Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 81+ known vulnerabilities affecting Solarwinds products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Solarwinds packages in under 60 seconds. No agents required - completely agentless scanning that works across Solarwinds deployments.

Free vulnerability database: Access detailed information about every Solarwinds CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Solarwinds CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Solarwinds CVEs Free