Lucene search

[email protected]NVD:CVE-2022-36963

HistoryApr 21, 2023 - 8:15 p.m.

CVE-2022-36963

2023-04-2120:15:07

CWE-94

[email protected]

web.nvd.nist.gov

solarwinds

platform

command injection

vulnerability

cve-2022-36963

remote adversary

admin account

arbitrary commands

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.7%

JSON

The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.

Affected configurations

Nvd

Node

solarwindsorion_platformRange<2023.2

VendorProductVersionCPE
solarwindsorion_platform*cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
solarwinds	orion_platform	*	cpe:2.3:a:solarwinds:orion_platform::::::::

References

documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm

www.solarwinds.com/trust-center/security-advisories/cve-2022-36963

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.7%

JSON

Related for NVD:CVE-2022-36963

cvelist1 cve1 zdi1 prion1 nessus1