CERTFR-2022-AVI-939
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in SolarWinds products. They allow an attacker to cause a security issue not specified by the vendor and remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| SolarWinds | Orion Platform | Orion Platform versions 2020.2.6 HF5 and earlier |
| SolarWinds | Platform | SolarWinds Platform versions earlier than 2022.4 RC1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Orion Platform versions 2020.2.6 HF5 et ant\u00e9rieures",
"product": {
"name": "Orion Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "SolarWinds Platform versions ant\u00e9rieures \u00e0 2022.4 RC1",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-36958",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36958"
},
{
"name": "CVE-2022-36966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36966"
},
{
"name": "CVE-2022-36957",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36957"
},
{
"name": "CVE-2022-38108",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38108"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-939",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSolarWinds. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SolarWinds",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-38108 du 19 octobre 2022",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-38108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-36966 du 19 octobre 2022",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36966"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-36957 du 19 octobre 2022",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36957"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-36958 du 19 octobre 2022",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36958"
}
]
}
CVE-2022-36966 (GCVE-0-2022-36966)
Vulnerability from cvelistv5 – Published: 2022-10-20 20:05 – Updated: 2025-05-07 20:49
Summary
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
Severity
5.4 (Medium)
CWE
- Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | SolarWinds Platform | Affected: 2022.3 and previous, < 2022.3 (custom) |
Credits
Asim Liaquat
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T20:49:47.424331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T20:49:50.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "2022.3",
"status": "affected",
"version": "2022.3 and previous",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Asim Liaquat"
}
],
"datePublic": "2022-10-18T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUsers with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.\u003c/p\u003e"
}
],
"value": "Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T16:58:36.397Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2022-36966",
"datePublished": "2022-10-20T20:05:35.645Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2025-05-07T20:49:50.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36958 (GCVE-0-2022-36958)
Vulnerability from cvelistv5 – Published: 2022-10-20 20:10 – Updated: 2025-05-08 13:25
Summary
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Severity
8.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | SolarWinds Platform | Affected: unspecified, ≤ 2022.3 and prior versions (custom) |
Credits
SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T13:25:42.786016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T13:25:48.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2022.3 and prior versions",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Orion Platform",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2020.2.6 HF5 and prior versions",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
}
],
"datePublic": "2022-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-20T00:00:00.000Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567"
}
],
"solutions": [
{
"lang": "en",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Platform Deserialization of Untrusted Data",
"workarounds": [
{
"lang": "en",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as it becomes available. The expected RC release is at the end of October. SolarWinds also recommends that customers follow the guidance provided in the SolarWinds Secure Configuration Guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm). Ensure only authorized users can access the SolarWinds Platform."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2022-36958",
"datePublished": "2022-10-20T20:10:01.367Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2025-05-08T13:25:48.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36957 (GCVE-0-2022-36957)
Vulnerability from cvelistv5 – Published: 2022-10-20 20:08 – Updated: 2025-05-05 20:01
Summary
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Severity
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | SolarWinds Platform | Affected: unspecified, ≤ 2022.3 and prior versions (custom) |
Credits
SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36957"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17530"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T20:01:13.076756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T20:01:34.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2022.3 and prior versions",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Orion Platform",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2020.2.6 HF5 and prior versions",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
}
],
"datePublic": "2022-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-20T00:00:00.000Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36957"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17530"
}
],
"solutions": [
{
"lang": "en",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Platform Deserialization of Untrusted Data",
"workarounds": [
{
"lang": "en",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as it becomes available. The expected RC release is at the end of October. SolarWinds also recommends that customers follow the guidance provided in the SolarWinds Secure Configuration Guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm). Ensure only authorized users can access the SolarWinds Platform. Special attention should be given to the following points from documentation: \n\u2022\tBe careful not to expose your SolarWinds Platform website on the public Internet. If you must enable outbound Internet access from SolarWinds Servers, create a strict allow list and block all other traffic. See SolarWinds Platform Product Features Affected by Internet Access (https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-Product-Features-Affected-by-Internet-Access). \n\u2022\tDisable unnecessary ports, protocols, and services on your host operating system and on applications, like SQL Server. For more details, see the SolarWinds Port Requirements guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-solarwinds-port-requirements.htm) and Best practices for configuring Windows Defender Firewall (\u00a9 2021 Microsoft, available at https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring, obtained on January 13, 2021.) \n\u2022\tApply proper segmentation controls on the network where you have deployed the SolarWinds Platform and SQL Server instances. \n\u2022\tConfigure the firewall for the main polling engine to limit and restrict all inbound and outbound access for port 5671. Port 5671 should only communicate to your other SolarWinds Servers (in case of High Availability, both Active and Standby Primary Polling Engine Servers). 
You can check these by querying the OrionServers table in the SolarWinds Platform database. Ensure this rule is updated when the configuration of SolarWinds Platform changes, for example when you add new servers."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2022-36957",
"datePublished": "2022-10-20T20:08:04.993Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2025-05-05T20:01:34.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38108 (GCVE-0-2022-38108)
Vulnerability from cvelistv5 – Published: 2022-10-20 20:11 – Updated: 2025-05-08 15:22
Summary
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Severity
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | SolarWinds Platform | Affected: unspecified, ≤ 2022.3 and prior versions (custom) |
Credits
SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38108"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17531"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171567/SolarWinds-Information-Service-SWIS-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38108",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:22:04.833139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T15:22:21.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/171567"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2022.3 and prior versions",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Orion Platform",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2020.2.6 HF5 and prior versions",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
}
],
"datePublic": "2022-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T00:00:00.000Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38108"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17531"
},
{
"url": "http://packetstormsecurity.com/files/171567/SolarWinds-Information-Service-SWIS-Remote-Command-Execution.html"
}
],
"solutions": [
{
"lang": "en",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Platform Deserialization of Untrusted Data",
"workarounds": [
{
"lang": "en",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as it becomes available. The expected RC release is at the end of October. SolarWinds also recommends that customers follow the guidance provided in the SolarWinds Secure Configuration Guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm). Ensure only authorized users can access the SolarWinds Platform. Special attention should be given to the following points from documentation: \n\u2022\tBe careful not to expose your SolarWinds Platform website on the public Internet. If you must enable outbound Internet access from SolarWinds Servers, create a strict allow list and block all other traffic. See SolarWinds Platform Product Features Affected by Internet Access (https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-Product-Features-Affected-by-Internet-Access). \n\u2022\tDisable unnecessary ports, protocols, and services on your host operating system and on applications, like SQL Server. For more details, see the SolarWinds Port Requirements guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-solarwinds-port-requirements.htm) and Best practices for configuring Windows Defender Firewall (\u00a9 2021 Microsoft, available at https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring, obtained on January 13, 2021.) \n\u2022\tApply proper segmentation controls on the network where you have deployed the SolarWinds Platform and SQL Server instances. \n\u2022\tConfigure the firewall for the main polling engine to limit and restrict all inbound and outbound access for port 5671. Port 5671 should only communicate to your other SolarWinds Servers (in case of High Availability, both Active and Standby Primary Polling Engine Servers). 
You can check these by querying the OrionServers table in the SolarWinds Platform database. Ensure this rule is updated when the configuration of SolarWinds Platform changes, for example when you add new servers."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2022-38108",
"datePublished": "2022-10-20T20:11:25.181Z",
"dateReserved": "2022-08-09T00:00:00.000Z",
"dateUpdated": "2025-05-08T15:22:21.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.