CVE-2022-47508

Description

Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

SolarWinds / Server & Application Monitor (SAM)2022.4.1 and prior versions – 2022.4.1

References

VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47508
MISChttps://documentation.solarwinds.com/en/success_center/sam/content/release_notes/sam_2023-1_release_notes.htm