Lucene search

SolarWindsCVELIST:CVE-2022-47512

HistoryDec 21, 2022 - 1:21 a.m.

CVE-2022-47512 Sensitive Data Disclosure Vulnerability

2022-12-2101:21:43

CWE-312

SolarWinds

www.cve.org

sensitive data

disclosure

hybrid cloud observability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

12.9%

JSON

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Hybrid Cloud Observability (HCO)/ SolarWinds Platform",
    "vendor": "SolarWinds",
    "versions": [
      {
        "status": "affected",
        "version": "SolarWinds   2022.4"
      }
    ]
  }
]

References

documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm

www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

12.9%

JSON

Related for CVELIST:CVE-2022-47512