Vulnerability Details CVE-2022-38108
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.846
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 7.2
References
- http://packetstormsecurity.com/files/171567/SolarWinds-Information-Service-SWIS-Remote-Command-Execution.html
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38108
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-17531
- http://packetstormsecurity.com/files/171567/SolarWinds-Information-Service-SWIS-Remote-Command-Execution.html
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38108
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-17531
Products affected by CVE-2022-38108
-
cpe:2.3:a:solarwinds:orion_platform:2016.1
-
cpe:2.3:a:solarwinds:orion_platform:2016.2
-
cpe:2.3:a:solarwinds:orion_platform:2017.1
-
cpe:2.3:a:solarwinds:orion_platform:2017.3
-
cpe:2.3:a:solarwinds:orion_platform:2018.2
-
cpe:2.3:a:solarwinds:orion_platform:2018.4
-
cpe:2.3:a:solarwinds:orion_platform:2019.2
-
cpe:2.3:a:solarwinds:orion_platform:2019.4
-
cpe:2.3:a:solarwinds:orion_platform:2019.4.2
-
cpe:2.3:a:solarwinds:orion_platform:2020.2
-
cpe:2.3:a:solarwinds:orion_platform:2020.2.1
-
cpe:2.3:a:solarwinds:orion_platform:2020.2.4
-
cpe:2.3:a:solarwinds:orion_platform:2020.2.5
-
cpe:2.3:a:solarwinds:orion_platform:2020.2.6
-
cpe:2.3:a:solarwinds:orion_platform:2022.2
-
cpe:2.3:a:solarwinds:orion_platform:2022.3