First published: Wed Oct 19 2022
Users with Node Management rights were able to view and edit all nodes due to insufficient control on a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
Credit: psirt@solarwinds.com
Affected Software | Affected Version | How to fix |
---|---|---|
SolarWinds Orion Platform | <2020.2.6 | |
SolarWinds Orion Platform | =2020.2.6 | |
SolarWinds Orion Platform | =2020.2.6-hotfix1 | |
SolarWinds Orion Platform | =2020.2.6-hotfix2 | |
SolarWinds Orion Platform | =2020.2.6-hotfix3 | |
SolarWinds Orion Platform | =2020.2.6-hotfix4 | |
SolarWinds Orion Platform | =2020.2.6-hotfix5 | |
SolarWinds Orion Platform | =2022.2 | |
SolarWinds Orion Platform | =2022.3 | |
CVE-2022-36966 is an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous that allows users with Node Management rights to view and edit all nodes due to insufficient control on a URL parameter.
The severity of CVE-2022-36966 is medium with a CVSS score of 5.4.
SolarWinds Orion Platform versions 2020.2.6, 2020.2.6-hotfix1, 2020.2.6-hotfix2, 2020.2.6-hotfix3, 2020.2.6-hotfix4, 2020.2.6-hotfix5, 2022.2, and 2022.3 are affected by CVE-2022-36966.
To fix CVE-2022-36966, update SolarWinds Orion Platform to version 2022.4 or later.
You can find more information about CVE-2022-36966 on the SolarWinds documentation website and the SolarWinds Trust Center security advisories.