CVE-2022-38111

HIGH7.2Insecure deserialization

High EPSS

Description

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

SolarWinds / SolarWinds Platform2022.4.1 and prior versions – 2022.4.1

References

MISChttps://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm
VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38111