Lucene search

[email protected]CVE-2022-36966

HistoryOct 20, 2022 - 9:15 p.m.

CVE-2022-36966

2022-10-2021:15:10

CWE-639

[email protected]

web.nvd.nist.gov

cve-2022-36966

node management

idor

solarwinds platform

security vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

Affected configurations

NVD

Node

solarwindsorion_platformRange<2020.2.6

solarwindsorion_platformMatch2020.2.6-

solarwindsorion_platformMatch2020.2.6hotfix1

solarwindsorion_platformMatch2020.2.6hotfix2

solarwindsorion_platformMatch2020.2.6hotfix3

solarwindsorion_platformMatch2020.2.6hotfix4

solarwindsorion_platformMatch2020.2.6hotfix5

solarwindsorion_platformMatch2022.2

solarwindsorion_platformMatch2022.3

CPENameOperatorVersion
solarwinds:orion_platformsolarwinds orion platformlt2020.2.6
solarwinds:orion_platformsolarwinds orion platformeq2022.2
solarwinds:orion_platformsolarwinds orion platformeq2022.3

CPE	Name	Operator	Version
solarwinds:orion_platform	solarwinds orion platform	lt	2020.2.6
solarwinds:orion_platform	solarwinds orion platform	eq	2022.2
solarwinds:orion_platform	solarwinds orion platform	eq	2022.3

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "SolarWinds Platform",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThan": "2022.3",
        "status": "affected",
        "version": "2022.3 and previous",
        "versionType": "custom"
      }
    ]
  }
]

References

documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm

www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966

Social References

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVE-2022-36966

prion1 cvelist1 nvd1 nessus1