Lucene search
HistoryNov 29, 2022 - 9:15 p.m.
CVE-2022-36964
solarwinds
vulnerability
cve-2022-36964
deserialization
untrusted data
remote adversary
web console
arbitrary commands
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.6%
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Affected configurations
Node
solarwindsorion_platformRange<2020.2.6
ORsolarwindsorion_platformMatch2020.2.6-
ORsolarwindsorion_platformMatch2020.2.6hotfix1
ORsolarwindsorion_platformMatch2020.2.6hotfix2
ORsolarwindsorion_platformMatch2020.2.6hotfix3
ORsolarwindsorion_platformMatch2020.2.6hotfix4
ORsolarwindsorion_platformMatch2020.2.6hotfix5
ORsolarwindsorion_platformMatch2022.2
ORsolarwindsorion_platformMatch2022.3
Related
cvelist
cvelist
CVE-2022-36964 SolarWinds Platform Deserialization of Untrusted Data
2022-11-22 00:00:00
zdi
zdi
cve
cve
CVE-2022-36964
2022-11-29 21:15:10
prion
prion
Deserialization of untrusted data
2022-11-29 21:15:00
nessus
nessus
SolarWinds Orion Platform < 2022.4 Multiple Vulnerabilities
2022-10-27 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.6%
Related for NVD:CVE-2022-36964