CVE-2022-36962

Description

SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

SolarWinds / Orion Platform2020.2.6 HF5 and prior versions – 2020.2.6 HF5
SolarWinds / SolarWinds Platform2022.3 and prior versions – 2022.3

References

MISChttps://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm
VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36962