Lucene search
HistoryFeb 15, 2023 - 7:15 p.m.
CVE-2022-47506
solarwinds
platform
directory traversal
vulnerability
local adversary
authenticated account
arbitrary commands
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
56.3%
SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.
Affected configurations
Node
solarwindsorion_platformMatch2022.4.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| solarwinds | orion_platform | 2022.4.1 | cpe:2.3:a:solarwinds:orion_platform:2022.4.1:*:*:*:*:*:*:* |
Related
prion
prion
Directory traversal
2023-02-15 19:15:00
cve
cve
CVE-2022-47506
2023-02-15 19:15:12
zdi
zdi
cvelist
cvelist
CVE-2022-47506 SolarWinds Platform Directory Traversal Vulnerability
2023-02-15 00:00:00
nessus
nessus
SolarWinds Platform 2023.1 Multiple Vulnerabilities
2023-02-15 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
56.3%
Related for NVD:CVE-2022-47506