{"vulnerability": "CVE-2022-36966", "sightings": [{"uuid": "40229d96-3fd2-42b7-a326-84eef361f558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36966", "type": "seen", "source": "https://t.me/cKure/10334", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Insecure Direct Object Reference Vulnerability: SolarWinds Platform 2022.3 (CVE-2022-36966).\n\nhttps://www.solarwinds.com/trust-center/security-advisories/cve-2022-36966", "creation_timestamp": "2022-10-21T06:06:26.000000Z"}, {"uuid": "d88a1a5f-b695-4fca-a427-ff2d9a557314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36966", "type": "seen", "source": "https://t.me/cKure/10076", "content": "\u25cf CVE-2022-36966 has been assigned as the Zero-Day for the escalation of privilege in Orion platform.\n\nThe exploit requires internal + initial access. Details will be shared as SolarWinds provides official feedback.\n\nThe vulnerability was identified by researcher 'Asim Khan' \ud83c\uddf5\ud83c\uddf0", "creation_timestamp": "2022-08-16T20:42:04.000000Z"}, {"uuid": "c075404b-1159-49ea-b0c0-8a291b193284", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36966", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3626", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM\nURL\uff1ahttps://github.com/Live-Hack-CVE/CVE-2022-36966\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-24T10:53:07.000000Z"}, {"uuid": "011e65b0-a4c3-48f1-aedc-02982847044f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36966", "type": "seen", "source": "https://t.me/ckuRED/205", "content": "Insecure Direct Object Reference Vulnerability: SolarWinds Platform 2022.3 (CVE-2022-36966). \n \nhttps://www.solarwinds.com/trust-center/security-advisories/cve-2022-36966", "creation_timestamp": "2022-10-21T06:06:55.000000Z"}, {"uuid": "8316aeee-815c-4d09-a52c-821adc49b4bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36966", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2565", "content": "#CVE-2022\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-20607\n\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-4646\n\nPoC for the CVE-2022-41082 Vulnerability Effecting Microsoft Exchange Servers\n\nhttps://github.com/balki97/CVE-2022-41082-POC\n\nCVE-2022-2602\n\nhttps://github.com/LukeGix/CVE-2022-2602\n\nCVE-2022-2602\nhttps://github.com/Live-Hack-CVE/CVE-2022-4633\n\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-25574\n\nCVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-36966\n\n@BlueRedTeam", "creation_timestamp": "2023-01-29T12:39:15.000000Z"}, {"uuid": "0f0b9cfa-f368-40e7-a1eb-573f946fb351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36966", "type": "seen", "source": "https://t.me/cibsecurity/51910", "content": "\u203c CVE-2022-36966 \u203c\n\nUsers with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-21T00:29:54.000000Z"}]}