Headline
CVE-2022-36958: SolarWinds Trust Center Security Advisories | CVE-2022-36958
Security Advisory Summary
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Affected Products
- SolarWinds Platform 2022.3 and earlier
- Orion Platform 2020.2.6 HF5 and earlier
Fixed Software Release
- SolarWinds Platform 2022.4 RC1
Acknowledgments
- Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Related news
CVE-2022-36966: SolarWinds Platform 2022.4 Release Notes
Users with Node Management rights were able to view and edit all nodes because of insufficient control on a URL parameter, which caused an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous versions.