CVE-2022-36966

EUVD-2022-39623
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
SolarWindsCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
solarwindsorion_platform
𝑥
< 2020.2.6
solarwindsorion_platform
2020.2.6
solarwindsorion_platform
2020.2.6:hotfix1
solarwindsorion_platform
2020.2.6:hotfix2
solarwindsorion_platform
2020.2.6:hotfix3
solarwindsorion_platform
2020.2.6:hotfix4
solarwindsorion_platform
2020.2.6:hotfix5
solarwindsorion_platform
2022.2
solarwindsorion_platform
2022.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966