First published: Wed Nov 23 2022(Updated: )
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT
Credit: psirt@solarwinds.com psirt@solarwinds.com
Affected Software | Affected Version | How to fix |
---|---|---|
Solarwinds Security Event Manager | <2022.2 |
SolarWinds advises to upgrade to the latest version of SolarWinds SEM version 2022.4
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-38115 is an insecure method vulnerability in which allowed HTTP methods are disclosed, such as OPTIONS, DELETE, TRACE, and PUT.
The severity of CVE-2022-38115 is medium with a severity value of 5.3.
The Solarwinds Security Event Manager version 2022.2 and prior is affected by CVE-2022-38115.
To fix CVE-2022-38115, it is recommended to update to a version that addresses the vulnerability or apply patches provided by Solarwinds.
You can find more information about CVE-2022-38115 in the Solarwinds release notes and security advisories linked below: - [Solarwinds SEM 2022.4 Release Notes](https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm) - [Solarwinds Security Advisories](https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38115)