Lucene search

[email protected]NVD:CVE-2022-36960

HistoryNov 29, 2022 - 9:15 p.m.

CVE-2022-36960

2022-11-2921:15:10

CWE-20

CWE-287

[email protected]

web.nvd.nist.gov

solarwinds

vulnerability

privilege escalation

improper input validation

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.6%

JSON

SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.

Affected configurations

NVD

Node

solarwindsorion_platformRange<2020.2.6

solarwindsorion_platformMatch2020.2.6-

solarwindsorion_platformMatch2020.2.6hotfix1

solarwindsorion_platformMatch2020.2.6hotfix2

solarwindsorion_platformMatch2020.2.6hotfix3

solarwindsorion_platformMatch2020.2.6hotfix4

solarwindsorion_platformMatch2020.2.6hotfix5

solarwindsorion_platformMatch2022.2

solarwindsorion_platformMatch2022.3

References

documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm

www.solarwinds.com/trust-center/security-advisories/CVE-2022-36960

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.6%

JSON

Related for NVD:CVE-2022-36960

prion1 zdi1 cvelist1 cve1 nessus1