
    6 vulnerabilities found for Observability Self-Hosted by SolarWinds

    CVE-2026-28301 (GCVE-0-2026-28301)

    Vulnerability from nvd – Published: 2026-06-09 15:41 – Updated: 2026-06-09 18:40
    VLAI
    Title
    SolarWinds Observability Self-Hosted Open Redirect Vulnerability
    Summary
    A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Observability Self-Hosted Affected: 2026.1 and previous versions

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28301",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T17:27:16.877886Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:40:29.361Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Observability Self-Hosted",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.1 and previous versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-178",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-178 Cross-Site Flashing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T15:41:46.314Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-2_release_notes.htm"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28301"
            },
            {
              "tags": [
                "x_secure-configuration-guide"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SolarWinds recommends customers upgrade to SolarWinds Observability Self-Hosted 2026.2 when possible.\u0026nbsp;"
                }
              ],
              "value": "SolarWinds recommends customers upgrade to SolarWinds Observability Self-Hosted 2026.2 when possible."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SolarWinds Observability Self-Hosted Open Redirect Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2026-28301",
        "datePublished": "2026-06-09T15:41:46.314Z",
        "dateReserved": "2026-02-26T14:15:09.403Z",
        "dateUpdated": "2026-06-09T18:40:29.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-26392 (GCVE-0-2025-26392)

    Vulnerability from nvd – Published: 2025-10-21 07:46 – Updated: 2025-10-21 13:48
    VLAI
    Title
    SolarWinds Observability Self-Hosted SQL Injection Vulnerability
    Summary
    SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Observability Self-Hosted Affected: 2025.2.1 and below
    Credits
    The KPN REDteam

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26392",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-21T13:47:57.752770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T13:48:20.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Observability Self-Hosted",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "status": "affected",
                  "version": "2025.2.1 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "The KPN REDteam"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account. \u003cbr\u003e"
                }
              ],
              "value": "SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-21T07:46:11.503Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26392"
            },
            {
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-4_release_notes.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SolarWinds recommends that customers upgrade to SolarWinds Observability Self-Hosted 2025.4  as soon as it becomes available.\n\n\u003cbr\u003e"
                }
              ],
              "value": "SolarWinds recommends that customers upgrade to SolarWinds Observability Self-Hosted 2025.4  as soon as it becomes available."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SolarWinds Observability Self-Hosted SQL Injection Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2025-26392",
        "datePublished": "2025-10-21T07:46:11.503Z",
        "dateReserved": "2025-02-08T00:19:09.394Z",
        "dateUpdated": "2025-10-21T13:48:20.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-28301 (GCVE-0-2026-28301)

    Vulnerability from cvelistv5 – Published: 2026-06-09 15:41 – Updated: 2026-06-09 18:40
    VLAI
    Title
    SolarWinds Observability Self-Hosted Open Redirect Vulnerability
    Summary
    A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Observability Self-Hosted Affected: 2026.1 and previous versions

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28301",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T17:27:16.877886Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:40:29.361Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Observability Self-Hosted",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.1 and previous versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-178",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-178 Cross-Site Flashing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T15:41:46.314Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2026-2_release_notes.htm"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28301"
            },
            {
              "tags": [
                "x_secure-configuration-guide"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SolarWinds recommends customers upgrade to SolarWinds Observability Self-Hosted 2026.2 when possible.\u0026nbsp;"
                }
              ],
              "value": "SolarWinds recommends customers upgrade to SolarWinds Observability Self-Hosted 2026.2 when possible."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SolarWinds Observability Self-Hosted Open Redirect Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2026-28301",
        "datePublished": "2026-06-09T15:41:46.314Z",
        "dateReserved": "2026-02-26T14:15:09.403Z",
        "dateUpdated": "2026-06-09T18:40:29.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-26392 (GCVE-0-2025-26392)

    Vulnerability from cvelistv5 – Published: 2025-10-21 07:46 – Updated: 2025-10-21 13:48
    VLAI
    Title
    SolarWinds Observability Self-Hosted SQL Injection Vulnerability
    Summary
    SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Observability Self-Hosted Affected: 2025.2.1 and below
    Credits
    The KPN REDteam

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26392",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-21T13:47:57.752770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T13:48:20.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Observability Self-Hosted",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "status": "affected",
                  "version": "2025.2.1 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "The KPN REDteam"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account. \u003cbr\u003e"
                }
              ],
              "value": "SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-21T07:46:11.503Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26392"
            },
            {
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-4_release_notes.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SolarWinds recommends that customers upgrade to SolarWinds Observability Self-Hosted 2025.4  as soon as it becomes available.\n\n\u003cbr\u003e"
                }
              ],
              "value": "SolarWinds recommends that customers upgrade to SolarWinds Observability Self-Hosted 2025.4  as soon as it becomes available."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SolarWinds Observability Self-Hosted SQL Injection Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2025-26392",
        "datePublished": "2025-10-21T07:46:11.503Z",
        "dateReserved": "2025-02-08T00:19:09.394Z",
        "dateUpdated": "2025-10-21T13:48:20.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CERTFR-2025-AVI-1020

    Vulnerability from certfr_avis - Published: 2025-11-19 - Updated: 2025-11-19

    De multiples vulnérabilités ont été découvertes dans les produits SolarWinds. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    SolarWinds Observability Self-Hosted Observability Self-Hosted versions antérieures à 2025.4
    SolarWinds Serv-U Serv-U versions antérieures à 15.5.2.2.102
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Observability Self-Hosted versions ant\u00e9rieures \u00e0 2025.4",
          "product": {
            "name": "Observability Self-Hosted",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "Serv-U versions ant\u00e9rieures \u00e0 15.5.2.2.102",
          "product": {
            "name": "Serv-U",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-40548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40548"
        },
        {
          "name": "CVE-2025-26391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-26391"
        },
        {
          "name": "CVE-2025-40545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40545"
        },
        {
          "name": "CVE-2025-40547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40547"
        },
        {
          "name": "CVE-2025-40549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40549"
        }
      ],
      "initial_release_date": "2025-11-19T00:00:00",
      "last_revision_date": "2025-11-19T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1020",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-11-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SolarWinds. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SolarWinds",
      "vendor_advisories": [
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2025-40548",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40548"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2025-40549",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40549"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2025-26391",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26391"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2025-40547",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40547"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2025-40545",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40545"
        }
      ]
    }

    CERTFR-2025-AVI-0912

    Vulnerability from certfr_avis - Published: 2025-10-22 - Updated: 2025-10-22

    Une vulnérabilité a été découverte dans SolarWinds Observability. Elle permet à un attaquant de provoquer une injection SQL (SQLi).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    SolarWinds Observability Self-Hosted Observability Self-Hosted versions antérieures à 2025.4
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Observability Self-Hosted versions ant\u00e9rieures \u00e0 2025.4",
          "product": {
            "name": "Observability Self-Hosted",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-26392",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-26392"
        }
      ],
      "initial_release_date": "2025-10-22T00:00:00",
      "last_revision_date": "2025-10-22T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0912",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-10-22T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection SQL (SQLi)"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans SolarWinds Observability. Elle permet \u00e0 un attaquant de provoquer une injection SQL (SQLi).",
      "title": "Vuln\u00e9rabilit\u00e9 dans SolarWinds Observability",
      "vendor_advisories": [
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2025-26392",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26392"
        }
      ]
    }