5.4
CVE-2022-36966
- EPSS 0.32%
- Published 20.10.2022 21:15:10
- Last modified 07.05.2025 21:15:55
- Source psirt@solarwinds.com
Users with Node Management rights were able to view and edit all nodes due to insufficient control on a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
Data provided by the National Vulnerability Database (NVD)
Solarwinds ≫ Orion Platform Version < 2020.2.6
Solarwinds ≫ Orion Platform Version 2020.2.6 Update -
Solarwinds ≫ Orion Platform Version 2020.2.6 Update hotfix1
Solarwinds ≫ Orion Platform Version 2020.2.6 Update hotfix2
Solarwinds ≫ Orion Platform Version 2020.2.6 Update hotfix3
Solarwinds ≫ Orion Platform Version 2020.2.6 Update hotfix4
Solarwinds ≫ Orion Platform Version 2020.2.6 Update hotfix5
Solarwinds ≫ Orion Platform Version 2022.2
Solarwinds ≫ Orion Platform Version 2022.3
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.546 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| psirt@solarwinds.com | 5.4 | 2.8 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.