Lucene search
HistoryOct 20, 2022 - 9:15 p.m.
CVE-2022-36957
solarwinds
deserialization
vulnerability
remote access
arbitrary commands
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
54.3%
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Affected configurations
Node
solarwindsorion_platformRange<2020.2.6
ORsolarwindsorion_platformMatch2020.2.6-
ORsolarwindsorion_platformMatch2020.2.6hotfix1
ORsolarwindsorion_platformMatch2020.2.6hotfix2
ORsolarwindsorion_platformMatch2020.2.6hotfix3
ORsolarwindsorion_platformMatch2020.2.6hotfix4
ORsolarwindsorion_platformMatch2020.2.6hotfix5
ORsolarwindsorion_platformMatch2022.2
ORsolarwindsorion_platformMatch2022.3
Related
prion
prion
Deserialization of untrusted data
2022-10-20 21:15:00
cvelist
cvelist
CVE-2022-36957 SolarWinds Platform Deserialization of Untrusted Data
2022-10-19 00:00:00
cve
cve
CVE-2022-36957
2022-10-20 21:15:09
zdi
zdi
nessus
nessus
SolarWinds Orion Platform < 2022.4 Multiple Vulnerabilities
2022-10-27 00:00:00
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
54.3%
Related for NVD:CVE-2022-36957