CERTFR-2022-AVI-1051
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in SolarWinds products. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
Vendor | Product | Description
---|---|---
SolarWinds | N/A | Engineer’s Toolset (ETS) versions prior to 2022.4 Desktop
SolarWinds | Serv-U | Serv-U versions prior to 15.3.2
SolarWinds | Orion Platform | Orion Platform versions 2020.2.6 HF5 and earlier
SolarWinds | Platform | SolarWinds Platform versions prior to 2022.4
SolarWinds | N/A | Security Event Manager (SEM) versions prior to 2022.4
CVE-2022-38114 (GCVE-0-2022-38114)
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2025-04-25 20:28
Summary
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
Impacted products
Vendor | Product | Version
---|---|---
SolarWinds | SolarWinds SEM | 2022.2 and previous versions < 2022.4
CVE-2022-36962 (GCVE-0-2022-36962)
Vulnerability from cvelistv5
Published
2022-11-29 20:46
Modified
2025-04-25 14:42
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
Impacted products
Vendor | Product | Version
---|---|---
SolarWinds | SolarWinds Platform | 2022.3 and prior versions <
CVE-2022-36964 (GCVE-0-2022-36964)
Vulnerability from cvelistv5
Published
2022-11-29 20:47
Modified
2025-04-25 14:41
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Impacted products
Vendor | Product | Version
---|---|---
SolarWinds | SolarWinds Platform | 2022.3 and prior versions <
CVE-2021-35246 (GCVE-0-2021-35246)
Vulnerability from cvelistv5
Published
2022-11-23 16:48
Modified
2025-04-25 18:18
CWE
- CWE-319 - Inappropriate Encoding for Output Context
Summary
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.
Impacted products
Vendor | Product | Version
---|---|---
SolarWinds | Engineer's Toolset | 2022.3 and previous versions
CVE-2022-38115 (GCVE-0-2022-38115)
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2025-04-24 19:20
Summary
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT
Impacted products
Vendor | Product | Version
---|---|---
SolarWinds | SolarWinds SEM | 2022.2 and previous versions < 2022.4
CVE-2022-38113 (GCVE-0-2022-38113)
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2025-04-25 20:29
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
This vulnerability discloses build and services versions in the server response header.
Impacted products
Vendor | Product | Version
---|---|---
SolarWinds | SolarWinds SEM | 2022.2 and previous versions < 2022.4
CVE-2022-38106 (GCVE-0-2022-38106)
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 10:45
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.
Impacted products
Vendor | Product | Version
---|---|---
SolarWinds | Serv-U File Server | Version: 15.3.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-38106", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-15T13:23:01.263837Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-15T20:33:42.146Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T10:45:52.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106", "tags": [ "x_transferred" ], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106" }, { "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106", "tags": [ "x_transferred" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106" }, { "name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm", "tags": [ "x_transferred" ], "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Serv-U File Server", "vendor": "SolarWinds", "versions": [ { "status": "affected", "version": "15.3.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nThis vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. \n\n" } ], "value": "\nThis vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. 
\n\n" } ], "impacts": [ { "capecId": "CAPEC-63", "descriptions": [ { "lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-15T00:27:54.327174Z", "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds" }, "references": [ { "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106" }, { "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106" }, { "name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm", "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nSolarWinds advises to upgrade to the latest version of Serv-U File Server 15.3.2 once became generally available.\n\n\u003cbr\u003e" } ], "value": "\nSolarWinds advises to upgrade to the latest version of Serv-U File Server 15.3.2 once became generally available.\n\n\n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Cross-Site 
Scripting Vulnerability in Serv-U Web Client ", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2022-38106", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-08-09T00:00:00", "dateUpdated": "2024-08-03T10:45:52.842Z", "serial": 1, "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-36960 (GCVE-0-2022-36960)
Vulnerability from cvelistv5
Published: 2022-11-29 20:43
Modified: 2025-04-24 17:46
Summary
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
Impacted products
Vendor | Product | Version
---|---|---
SolarWinds | SolarWinds Platform | Version: 2022.3 and prior versions < 2022.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:21:32.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36960" }, { "tags": [ "x_transferred" ], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-36960", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-24T17:46:32.884693Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-24T17:46:45.937Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SolarWinds Platform", "vendor": "SolarWinds", "versions": [ { "lessThan": "2022.3", "status": "affected", "version": "2022.3 and prior versions", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Orion Platform", "vendor": "SolarWinds", "versions": [ { "lessThanOrEqual": "2020.2.6 HF5", "status": "affected", "version": "2020.2.6 HF5 and prior versions", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner." } ], "datePublic": "2022-11-21T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eSolarWinds Platform was susceptible to Improper Input Validation. 
This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.\u003c/p\u003e" } ], "value": "SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-03T20:34:08.739Z", "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds" }, "references": [ { "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36960" }, { "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAll SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2022.4\u003c/p\u003e" } ], "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2022.4" } ], "source": { "discovery": "UNKNOWN" }, "title": "SolarWinds Platform Improper Input Validation", "x_generator": { "engine": "vulnogram 
0.1.0-rc1" } } }, "cveMetadata": { "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2022-36960", "datePublished": "2022-11-29T20:43:38.388Z", "dateReserved": "2022-07-27T00:00:00.000Z", "dateUpdated": "2025-04-24T17:46:45.937Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }