← Back

CVE-2022-36964

nvd nist
Published: Nov 29, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

Affected (9)

Solarwinds
1 product
Orion Platform
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Solarwinds
Orion Platform
Before 2020.2.6
Orion Platform
Version 2020.2.6
Orion Platform
Version 2020.2.6 hotfix1
Orion Platform
Version 2020.2.6 hotfix2
Orion Platform
Version 2020.2.6 hotfix3
Orion Platform
Version 2020.2.6 hotfix4
Orion Platform
Version 2020.2.6 hotfix5
Orion Platform
Version 2022.2
Orion Platform
Version 2022.3

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

Source: psirt@solarwinds.com
Release NotesVendor Advisory
Source: psirt@solarwinds.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.