Vulnerability Details CVE-2022-36966
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.9%
CVSS Severity
CVSS v3 Score 5.4
References
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966
Products affected by CVE-2022-36966
-
cpe:2.3:a:solarwinds:orion_platform:2016.1
-
cpe:2.3:a:solarwinds:orion_platform:2016.2
-
cpe:2.3:a:solarwinds:orion_platform:2017.1
-
cpe:2.3:a:solarwinds:orion_platform:2017.3
-
cpe:2.3:a:solarwinds:orion_platform:2018.2
-
cpe:2.3:a:solarwinds:orion_platform:2018.4
-
cpe:2.3:a:solarwinds:orion_platform:2019.2
-
cpe:2.3:a:solarwinds:orion_platform:2019.4
-
cpe:2.3:a:solarwinds:orion_platform:2019.4.2
-
cpe:2.3:a:solarwinds:orion_platform:2020.2
-
cpe:2.3:a:solarwinds:orion_platform:2020.2.1
-
cpe:2.3:a:solarwinds:orion_platform:2020.2.4
-
cpe:2.3:a:solarwinds:orion_platform:2020.2.5
-
cpe:2.3:a:solarwinds:orion_platform:2020.2.6
-
cpe:2.3:a:solarwinds:orion_platform:2022.2
-
cpe:2.3:a:solarwinds:orion_platform:2022.3