Vulnerabilities > Solarwinds > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-02-11 CVE-2024-28989 Use of Hard-coded Credentials vulnerability in Solarwinds web Help Desk
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
local
low complexity
solarwinds CWE-798
5.5
2025-02-11 CVE-2024-52612 Unspecified vulnerability in Solarwinds Platform
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability.
network
low complexity
solarwinds
4.8
2024-12-10 CVE-2024-45709 Path Traversal vulnerability in Solarwinds web Help Desk
SolarWinds Web Help Desk was susceptible to a local file read vulnerability.
local
low complexity
solarwinds CWE-22
5.5
2024-12-04 CVE-2024-45717 Cross-site Scripting vulnerability in Solarwinds Platform
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface.
low complexity
solarwinds CWE-79
4.8
2024-10-17 CVE-2024-45713 Information Exposure Through an Error Message vulnerability in Solarwinds Kiwi Cattools
SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes.
local
low complexity
solarwinds CWE-209
4.4
2024-10-16 CVE-2024-45714 Cross-site Scripting vulnerability in Solarwinds Serv-U
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.
network
low complexity
solarwinds CWE-79
4.1
2024-10-16 CVE-2024-45715 Cross-site Scripting vulnerability in Solarwinds Platform
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.
network
low complexity
solarwinds CWE-79
6.1
2024-06-04 CVE-2024-29004 Unspecified vulnerability in Solarwinds Platform
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console.
network
low complexity
solarwinds
4.8
2024-05-20 CVE-2024-29000 Unspecified vulnerability in Solarwinds Platform
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console.
network
low complexity
solarwinds
4.8
2024-05-03 CVE-2024-28072 Unspecified vulnerability in Solarwinds Serv-U
A highly privileged account can overwrite arbitrary files on the system with log output.
network
low complexity
solarwinds
4.9