First published: Wed Nov 23 2022
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
Credit: psirt@solarwinds.com
Affected Software | Affected Version | How to fix |
---|---|---|
SolarWinds Security Event Manager | <2022.4 |
SolarWinds advises upgrading to the latest version of SolarWinds SEM, version 2022.4.
CVE-2022-38114 is a vulnerability that occurs when a web server fails to correctly process the Content-Length of POST requests, leading to HTTP request smuggling or XSS.
SolarWinds Security Event Manager versions up to and excluding 2022.4 are affected by CVE-2022-38114.
CVE-2022-38114 has a severity value of 6.1, which is classified as medium.
To fix CVE-2022-38114, update SolarWinds Security Event Manager to version 2022.4 or later.
More information about CVE-2022-38114 can be found in the release notes for SolarWinds Security Event Manager version 2022.4 and in the SolarWinds security advisories.