vulnerability

SolarWinds Orion Platform: Insecure Direct Object Reference Vulnerability (CVE-2022-36966)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:S/C:P/I:P/A:N)	Oct 20, 2022	Jul 27, 2023	Jan 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:N)

Published

Oct 20, 2022

Added

Jul 27, 2023

Modified

Jan 28, 2025

Description

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

Solution

solarwinds-orion-platform-upgrade-latest

References

CVE-2022-36966
https://attackerkb.com/topics/CVE-2022-36966
URL-https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm
URL-https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today