History: Oct 20, 2022 - 8:05 p.m.

CVE-2022-36966 Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6

2022-10-20 20:05:35
SolarWinds
www.cve.org
cve-2022-36966
orion platform
node management
url parameter
idor vulnerability
solarwinds platform 2022.3

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score: 6.5
Confidence: High

EPSS: 0.001
Percentile: 22.7%

Users with Node Management rights were able to view and edit all nodes due to insufficient control on a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "SolarWinds Platform",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThan": "2022.3",
        "status": "affected",
        "version": "2022.3 and previous",
        "versionType": "custom"
      }
    ]
  }
]
