![solarwinds security advisory solarwinds security advisory](https://thwack.solarwinds.com/resized-image/__size/985x742/__key/commentfiles/f7d226abd59f475c9d224a79e3f0ec07-441d84ed-f93b-4195-a270-c798eef93edd/hotfix.png)
You can Subscribe to this RSS Feed to be notified when we update this page (note: you will need to cut and paste the UPDATE December 13, 2021: NOTE: This security vulnerability only affects Server & Application Monitor (SAM) and Database Performance Analyzer (DPA) and does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products. NOTE: SolarWinds products do not use JMSAppender, and are not known to be affected by the vulnerability identified in CVE-2021-4104. UPDATE December 16, 2021: Updated to reflect availability of and support for Log4j 2.16.0 to resolve CVE-2021-45046 vulnerability reported on Log4j. Guidance for all three CVEs related to the Log4j issue is available on this page: This update also reflects CISA Emergency Directive 22-02 Mitigate Apache Log4j Vulnerability, issued December 17, 2021, and we have posted a new security advisory for CVE-2021-4104. UPDATE December 17, 2021: Updated to announce the availability of the Database Performance Analyzer (DPA) hotfix released today, December 17, 2021, which is available for DPA customers in their Customer Portal at. You can Subscribe to this RSS Feed to be notified when we update this page (note: you will need to cut and paste the "Subscribe to this RSS feed" URL into an RSS Feed Reader, e.g., Outlook's RSS Subscriptions, to monitor updates). UPDATE December 18, 2021: SolarWinds is evaluating the Apache Log4j Denial of Service vulnerability CVE-2021-45105, announced December 18, 2021, and the release of Apache Log4j 2.17. UPDATE December 20, 2021: Updated to announce the availability of the Server & Application Monitor (SAM) hotfix released today, December 20, 2021, which is available for SAM customers in their Customer Portal at.
![solarwinds security advisory solarwinds security advisory](https://www.channele2e.com/wp-content/uploads/2018/11/solarwinds-building-2.jpg)
SolarWinds recommends customers of SAM and DPA apply the available hotfixes to their systems, and follow the guidance captured in the accompanying release notes. We’ve also added new CISA mitigation guidance: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities. Additionally, NIST has upgraded the severity of CVE-2021-45046 from 3.7 Low to 9.0 Critical. UPDATE December 23, 2021: Updated to announce the availability of the Database Performance Analyzer (DPA) hotfix released December 22, 2021, which is available for DPA customers in their Customer Portal at. The hotfixes are available for DPA customers in their Customer Portal.
#Solarwinds security advisory install#
These hotfixes install version 2.17.1 of the affected files. UPDATE January 14, 2022: Updated to announce the availability of the DPA hotfixes released December 28, 2021. Released: DecemLast updated: January 14, 2022Īssigning CNA: Apache Software Foundation