Headline
CVE-2022-36961: SolarWinds Trust Center Security Advisories | CVE-2022-36961
A verb used in Orion was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.
Summary
A component of Orion Platform was found to be vulnerable to SQL Injection attacks. An authenticated attacker could leverage this for privilege escalation or remote code execution.
Affected Products
- Orion Platform 2022.2 and earlier
Fixed Software Release
- SolarWinds Platform 2022.3
Related news
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).