CVE-2022-36960

Summary

SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.

Affected Software

VendorProductVersion RangeStatus
SolarWindsSolarWinds Platform2022.3 and prior versions < 2022.3affected
SolarWindsOrion Platform2020.2.6 HF5 and prior versions <= 2020.2.6 HF5affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication
  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References