CVE-2022-36962

Summary

SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
SolarWindsSolarWinds Platform2022.3 and prior versions <= 2022.3affected
SolarWindsOrion Platform2020.2.6 HF5 and prior versions <= 2020.2.6 HF5affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References