CVE-2022-36960

Description

SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

SolarWinds / Orion Platform2020.2.6 HF5 and prior versions – 2020.2.6 HF5
SolarWinds / SolarWinds Platform2022.3 and prior versions – 2022.3

References

VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36960
MISChttps://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm