8.8
CVE-2022-36960
- EPSS 0.29%
- Veröffentlicht 29.11.2022 21:15:10
- Zuletzt bearbeitet 21.11.2024 07:14:09
- Quelle psirt@solarwinds.com
- CVE-Watchlists
- Unerledigt
LoginSolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Solarwinds ≫ Orion Platform Version < 2020.2.6
Solarwinds ≫ Orion Platform Version2020.2.6 Update-
Solarwinds ≫ Orion Platform Version2020.2.6 Updatehotfix1
Solarwinds ≫ Orion Platform Version2020.2.6 Updatehotfix2
Solarwinds ≫ Orion Platform Version2020.2.6 Updatehotfix3
Solarwinds ≫ Orion Platform Version2020.2.6 Updatehotfix4
Solarwinds ≫ Orion Platform Version2020.2.6 Updatehotfix5
Solarwinds ≫ Orion Platform Version2022.2
Solarwinds ≫ Orion Platform Version2022.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.521 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@solarwinds.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.