CVE-2022-36960

Published: Nov 29, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.

Affected (9)

Products: Solarwinds: Orion Platform

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Orion Platform	Before 2020.2.6
Solarwinds Orion Platform	Version 2020.2.6
Solarwinds Orion Platform	Version 2020.2.6 hotfix1
Solarwinds Orion Platform	Version 2020.2.6 hotfix2
Solarwinds Orion Platform	Version 2020.2.6 hotfix3
Solarwinds Orion Platform	Version 2020.2.6 hotfix4
Solarwinds Orion Platform	Version 2020.2.6 hotfix5
Solarwinds Orion Platform	Version 2022.2
Solarwinds Orion Platform	Version 2022.3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm

Source: psirt@solarwinds.com

Release NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36960

Source: psirt@solarwinds.com

Vendor Advisory

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36960

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.