Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-36958: SolarWinds Trust Center Security Advisories | CVE-2022-36958

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

CVE
#vulnerability#web#zero_day

Security Advisory Summary

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

Affected Products

  • SolarWinds Platform 2022.3 and earlier
  • Orion Platform 2020.2.6 HF5 and earlier

Fixed Software Release

  • SolarWinds Platform 2022.4 RC1

Acknowledgments

  • Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Related news

CVE-2022-36966: SolarWinds Platform 2022.4 Release Notes

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907