Vulnerabilities > Solarwinds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-11 | CVE-2024-28989 | Use of Hard-coded Credentials vulnerability in Solarwinds web Help Desk SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. | 5.5 |
| 2025-02-11 | CVE-2024-52612 | Unspecified vulnerability in Solarwinds Platform SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. | 4.8 |
| 2024-12-10 | CVE-2024-45709 | Path Traversal vulnerability in Solarwinds web Help Desk SolarWinds Web Help Desk was susceptible to a local file read vulnerability. | 5.5 |
| 2024-12-04 | CVE-2024-45717 | Cross-site Scripting vulnerability in Solarwinds Platform The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. | 4.8 |
| 2024-10-17 | CVE-2024-45713 | Information Exposure Through an Error Message vulnerability in Solarwinds Kiwi Cattools SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. | 4.4 |
| 2024-10-16 | CVE-2024-45714 | Cross-site Scripting vulnerability in Solarwinds Serv-U Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | 4.1 |
| 2024-10-16 | CVE-2024-45715 | Cross-site Scripting vulnerability in Solarwinds Platform The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. | 6.1 |
| 2024-06-04 | CVE-2024-29004 | Unspecified vulnerability in Solarwinds Platform The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. | 4.8 |
| 2024-05-20 | CVE-2024-29000 | Unspecified vulnerability in Solarwinds Platform The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. | 4.8 |
| 2024-05-03 | CVE-2024-28072 | Unspecified vulnerability in Solarwinds Serv-U A highly privileged account can overwrite arbitrary files on the system with log output. | 4.9 |