CVE-2022-36964

Summary

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
SolarWindsSolarWinds Platform2022.3 and prior versions <= 2022.3affected
SolarWindsOrion Platform2020.2.6 HF5 and prior versions <= 2020.2.6 HF5affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References