SolarWinds was recently targeted in a sophisticated supply chain attack that resulted in thousands of organizations receiving malicious updates for the company’s Orion monitoring product, and a few hundred — ones that presented an interest to the attackers — getting other malware that may have given the hackers deep access into their networks.

Following the disclosure of the attack, Trustwave researchers decided to analyze SolarWinds products based on the Orion framework to see if they contain any vulnerabilities that could expose the company’s customers to attacks. They discovered two vulnerabilities in Orion and one in Serv-U FTP software.