← Back

CVE-2022-38108

nvd nist
Published: Oct 20, 2022Modified: May 8, 2025

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Affected (9)

Solarwinds
1 product
Orion Platform
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Solarwinds
Orion Platform
Before 2020.2.6
Orion Platform
Version 2020.2.6
Orion Platform
Version 2020.2.6 hotfix1
Orion Platform
Version 2020.2.6 hotfix2
Orion Platform
Version 2020.2.6 hotfix3
Orion Platform
Version 2020.2.6 hotfix4
Orion Platform
Version 2020.2.6 hotfix5
Orion Platform
Version 2022.2
Orion Platform
Version 2022.3

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (7)

Source: psirt@solarwinds.com
Source: psirt@solarwinds.com
Vendor Advisory
Source: psirt@solarwinds.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.