CVE-2021-25274, CVE-2021-25275, CVE-2021-25276

Just two questions:

1. Were all of these vulnerabilities fixed in 2020.2.4 (Jan 25, 2021)?
2. Any evidence that hackers have successfully used these vulnerabilities?

CVE-2021-25274 is the most serious remote code execution (RCE) vulnerability found by Rakhmanov. It enables an unauthenticated user to gain complete control over the target’s SolarWinds installation remotely, without having any compromised credentials available, by chaining exploitation of two different issues that exist in how the system handles incoming messages.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/
 
CVE-2021-25275 was found in the Orion-based User Device Tracker and enables an attacker to log into SolarWinds either locally or via Remote Desktop Protocol (RDP) and obtain a plain text password for the organisation’s back-end database, from where they can exfiltrate data or create new accounts with admin rights.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/
 
CVE-2021-25276, in the Serv-U FTP product, is a directory access control bug that enables an authenticated user logging in either locally or via RDP to create a new user profile with admin rights.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/