Like other software vendors, SolarWinds has products affected by the critical Log4j vulnerability. Server & Application Monitor (SAM) and Database Performance Analyzer (DPA) are affected; the rest of the SolarWinds products are not. The SolarWinds team has published a detailed blog post on how to mitigate the vulnerability in the affected applications. (Note: the hotfix is still not available; until it is, these steps are best used as a stopgap arrangement.)

| SolarWinds Product | Versions | Status | Patched? |
|---|---|---|---|
| Database Performance Analyzer | 2021.1.x, 2021.3.x, 2022.1.x | Vulnerable | source, workaround |
| Orion Platform core | All | Not Vulnerable | source |
| Server & Application Monitor | >= 2020.2.6 | Vulnerable | source, workaround |

According to the advisory at https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228, the rest of the SolarWinds products are not impacted. (Orion Platform Core is not affected by this vulnerability because it has never used the Log4j package.)