CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
11 results
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
SolarWinds · Serv-U
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
SolarWinds · Web Help Desk
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
SolarWinds Web Help Desk Security Control Bypass Vulnerability
SolarWinds · Web Help Desk
SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
SolarWinds · Web Help Desk
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
SolarWinds · Web Help Desk
SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
SolarWinds · Web Help Desk
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
SolarWinds Serv-U Path Traversal Vulnerability
SolarWinds · Serv-U
SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker to read sensitive files on the host machine.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
SolarWinds Serv-U Improper Input Validation Vulnerability
SolarWinds · Serv-U
SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.
Required Action
Apply updates per vendor instructions.
SolarWinds Virtualization Manager Privilege Escalation Vulnerability
SolarWinds · Virtualization Manager
SolarWinds Virtualization Manager allows privilege escalation by leveraging a misconfiguration of sudo.
Required Action
Apply updates per vendor instructions.
SolarWinds Serv-U Remote Code Execution Vulnerability
SolarWinds · Serv-U
SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.
Required Action
Apply updates per vendor instructions.
SolarWinds Orion Authentication Bypass Vulnerability
SolarWinds · Orion
SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.
Required Action
Apply updates per vendor instructions.