SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Critical: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.

SolarWinds CVE coverage for IT operations, monitoring, service management, file-transfer, and MSP-adjacent tooling.
Vendor watch hub
The SolarWinds watch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Most recent entry: Mar 8, 2026, 7:00 PM
Feed refreshes daily · 5:15 a.m. Central
Sources: CISA KEV and NVD (product vendor coverage)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 18 most recent items, newest first. Each row links to the official advisory.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
| SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine. (Web Help Desk) | critical · CVE-2025-26399 · Critical | active | Mar 8, 2026, 7:00 PM | CISA KEV |
| SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. (Web Help Desk) | critical · CVE-2025-40536 · Critical | active | Feb 11, 2026, 6:00 PM | CISA KEV |
| SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. (Web Help Desk) | critical · CVE-2025-40551 · Critical | active | Feb 2, 2026, 6:00 PM | CISA KEV |
| SolarWinds Web Help Desk Hardcoded Credential Vulnerability: SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data. (Web Help Desk) | critical · CVE-2024-28987 · Critical | active | Oct 14, 2024, 7:00 PM | CISA KEV |
| SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution. (Web Help Desk) | critical · CVE-2024-28986 · Critical | active | Aug 14, 2024, 7:00 PM | CISA KEV |
| SolarWinds Serv-U Path Traversal Vulnerability: SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine. (Serv-U) | critical · CVE-2024-28995 · Critical | active | Jul 16, 2024, 7:00 PM | CISA KEV |
| SolarWinds Serv-U Improper Input Validation Vulnerability: SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization. (Serv-U) | critical · CVE-2021-35247 · Critical | active | Jan 20, 2022, 6:00 PM | CISA KEV |
| SolarWinds Orion Authentication Bypass Vulnerability: SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands. (Orion) | critical · CVE-2020-10148 · Critical | active | Nov 2, 2021, 7:00 PM | CISA KEV |
| SolarWinds Serv-U Remote Code Execution Vulnerability: SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution. Known ransomware use: Known. (Serv-U) | critical · CVE-2021-35211 · Critical | active | Nov 2, 2021, 7:00 PM | CISA KEV |
| backup profiler vulnerability (CVE-2012-2576): SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. (backup profiler) | CRITICAL · CVE-2012-2576 · Elevated | watch | Dec 20, 2017, 3:29 PM | NVD |
| log & event manager vulnerability (CVE-2017-7722): In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell. (log & event manager) | CRITICAL · CVE-2017-7722 · Elevated | watch | Apr 12, 2017, 11:59 AM | NVD |
| log & event manager vulnerability (CVE-2017-7647): SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. (log & event manager) | HIGH · CVE-2017-7647 · Watch | watch | Apr 10, 2017, 2:59 PM | NVD |
| log and event manager vulnerability (CVE-2017-5199): The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. (log and event manager) | HIGH · CVE-2017-5199 · Watch | watch | Mar 24, 2017, 2:59 AM | NVD |
| log and event manager vulnerability (CVE-2017-5198): SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. (log and event manager) | HIGH · CVE-2017-5198 · Watch | watch | Mar 24, 2017, 2:59 AM | NVD |
| ftp voyager vulnerability (CVE-2017-6803): Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. (ftp voyager) | HIGH · CVE-2017-6803 · Watch | watch | Mar 20, 2017, 11:59 AM | NVD |
| virtualization manager vulnerability (CVE-2016-3643): SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." (virtualization manager) | HIGH · CVE-2016-3643 · Critical | active | Jun 17, 2016, 10:59 AM | CISA KEV |
| virtualization manager vulnerability (CVE-2016-3642): The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. (virtualization manager) | CRITICAL · CVE-2016-3642 · Elevated | watch | Jun 17, 2016, 10:59 AM | NVD |
| storage resource monitor vulnerability (CVE-2016-4350): Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet. (storage resource monitor) | CRITICAL · CVE-2016-4350 · Elevated | watch | May 9, 2016, 3:59 PM | NVD |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the network monitoring pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the SolarWinds-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current SolarWinds issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map SolarWinds advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.