- How many CVEs does SolarWinds have?
- SolarWinds has 324 published CVE records since 2001, including 38 in the last two years.
- How many SolarWinds CVEs are in CISA KEV?
- Yes — 11 of SolarWinds's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which SolarWinds products have the most CVEs?
- The SolarWinds products with the most published CVEs are Orion Platform, SolarWinds Platform, Serv-U, Access Rights Manager, Web Help Desk.
- What are the most common weakness types in SolarWinds CVEs?
- SolarWinds's CVEs most often map to these CWE weakness types: CWE-502 (Deserialization of Untrusted Data), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')).
- Are there public exploits for SolarWinds vulnerabilities?
- Yes — 61 of SolarWinds's CVEs have a known public exploit.
- How many critical SolarWinds vulnerabilities are there?
- SolarWinds has 66 critical and 133 high-severity CVEs.
- What is the average severity of SolarWinds CVEs?
- The average CVSS base score across SolarWinds's scored CVEs is 7.3.