Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-11 | CVE-2024-28989 | Use of Hard-coded Credentials vulnerability in Solarwinds web Help Desk SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. | 5.5 |
| 2025-02-11 | CVE-2024-52606 | Server-Side Request Forgery (SSRF) vulnerability in Solarwinds Platform SolarWinds Platform is affected by server-side request forgery vulnerability. | 9.8 |
| 2025-02-11 | CVE-2024-52611 | Information Exposure Through an Error Message vulnerability in Solarwinds Platform The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. | 3.5 |
| 2025-02-11 | CVE-2024-52612 | Unspecified vulnerability in Solarwinds Platform SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. | 4.8 |
| 2024-12-10 | CVE-2024-45709 | Path Traversal vulnerability in Solarwinds web Help Desk SolarWinds Web Help Desk was susceptible to a local file read vulnerability. | 5.5 |
| 2024-12-04 | CVE-2024-45717 | Cross-site Scripting vulnerability in Solarwinds Platform The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. | 4.8 |
| 2024-10-17 | CVE-2024-45713 | Information Exposure Through an Error Message vulnerability in Solarwinds Kiwi Cattools SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. | 4.4 |
| 2024-10-16 | CVE-2024-45710 | Uncontrolled Search Path Element vulnerability in Solarwinds Platform SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. | 7.8 |
| 2024-10-16 | CVE-2024-45711 | Path Traversal vulnerability in Solarwinds Serv-U SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. | 8.8 |
| 2024-10-16 | CVE-2024-45714 | Cross-site Scripting vulnerability in Solarwinds Serv-U Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | 4.1 |