CVE-2022-36966
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SolarWinds | SolarWinds Platform | 2022.3 and previous < 2022.3 | affected |
Weaknesses
- Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6
ADP Enrichment
CVE Program Container
Additional References
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.