Search

Find a vulnerability

Search criteria

    54 vulnerabilities found for Orion Platform by SolarWinds

    CERTFR-2022-AVI-1123

    Vulnerability from certfr_avis - Published: 2022-12-22 - Updated: 2022-12-22

    De multiples vulnérabilités ont été découvertes dans les produits SolarWinds. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    SolarWinds Orion Platform SolarWinds Platform (anciennement Orion Platform) versions antérieures à 2022.4.1
    SolarWinds N/A Hybrid Cloud Observability versions antérieures à 2022.4.1
    SolarWinds Serv-U Serv-U FTP Server versions antérieures à 15.3.2
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "SolarWinds Platform (anciennement Orion Platform) versions ant\u00e9rieures \u00e0 2022.4.1",
          "product": {
            "name": "Orion Platform",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "Hybrid Cloud Observability versions ant\u00e9rieures \u00e0 2022.4.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "Serv-U FTP Server versions ant\u00e9rieures \u00e0 15.3.2",
          "product": {
            "name": "Serv-U",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2021-35252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35252"
        },
        {
          "name": "CVE-2022-47512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-47512"
        }
      ],
      "initial_release_date": "2022-12-22T00:00:00",
      "last_revision_date": "2022-12-22T00:00:00",
      "links": [],
      "reference": "CERTFR-2022-AVI-1123",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-12-22T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSolarWinds. Elles permettent \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SolarWinds",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds du 15 d\u00e9cembre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35252"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds du 16 d\u00e9cembre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-47512"
        }
      ]
    }

    CERTFR-2022-AVI-1051

    Vulnerability from certfr_avis - Published: 2022-11-23 - Updated: 2022-11-23

    De multiples vulnérabilités ont été découvertes dans les produits SolarWinds. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    SolarWinds N/A Engineer’s Toolset (ETS) versions antérieures à 2022.4 Desktop
    SolarWinds Serv-U Serv-U versions antérieures à 15.3.2
    SolarWinds Orion Platform Orion Platform versions 2020.2.6 HF5 et antérieures
    SolarWinds Platform SolarWinds Platform versions antérieures à 2022.4
    SolarWinds N/A Security Event Manager (SEM) versions antérieures à 2022.4

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Engineer\u2019s Toolset (ETS) versions ant\u00e9rieures \u00e0 2022.4 Desktop",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "Serv-U versions ant\u00e9rieures \u00e0 15.3.2",
          "product": {
            "name": "Serv-U",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "Orion Platform versions 2020.2.6 HF5 et ant\u00e9rieures",
          "product": {
            "name": "Orion Platform",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "SolarWinds Platform versions ant\u00e9rieures \u00e0 2022.4",
          "product": {
            "name": "Platform",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "Security Event Manager (SEM) versions ant\u00e9rieures \u00e0 2022.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2022-36964",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36964"
        },
        {
          "name": "CVE-2022-36962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36962"
        },
        {
          "name": "CVE-2022-38115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38115"
        },
        {
          "name": "CVE-2022-38114",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38114"
        },
        {
          "name": "CVE-2022-38113",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38113"
        },
        {
          "name": "CVE-2022-38106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38106"
        },
        {
          "name": "CVE-2022-36960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36960"
        },
        {
          "name": "CVE-2021-35246",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35246"
        }
      ],
      "initial_release_date": "2022-11-23T00:00:00",
      "last_revision_date": "2022-11-23T00:00:00",
      "links": [],
      "reference": "CERTFR-2022-AVI-1051",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-11-23T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSolarWinds. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SolarWinds",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-38113 du 22 novembre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-38113"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-36960 du 22 novembre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36960"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-38106 du 22 novembre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-38106"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-38114 du 22 novembre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-38114"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-38115 du 22 novembre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-38115"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-36962 du 22 novembre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36962"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2021-35246 du 22 novembre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35246"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-36964 du 22 novembre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36964"
        }
      ]
    }

    CERTFR-2022-AVI-939

    Vulnerability from certfr_avis - Published: 2022-10-20 - Updated: 2022-10-20

    De multiples vulnérabilités ont été découvertes dans les produits SolarWinds. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une exécution de code arbitraire à distance.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    SolarWinds Orion Platform Orion Platform versions 2020.2.6 HF5 et antérieures
    SolarWinds Platform SolarWinds Platform versions antérieures à 2022.4 RC1

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Orion Platform versions 2020.2.6 HF5 et ant\u00e9rieures",
          "product": {
            "name": "Orion Platform",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "SolarWinds Platform versions ant\u00e9rieures \u00e0 2022.4 RC1",
          "product": {
            "name": "Platform",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2022-36958",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36958"
        },
        {
          "name": "CVE-2022-36966",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36966"
        },
        {
          "name": "CVE-2022-36957",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36957"
        },
        {
          "name": "CVE-2022-38108",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38108"
        }
      ],
      "initial_release_date": "2022-10-20T00:00:00",
      "last_revision_date": "2022-10-20T00:00:00",
      "links": [],
      "reference": "CERTFR-2022-AVI-939",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-10-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSolarWinds. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SolarWinds",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-38108 du 19 octobre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-38108"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-36966 du 19 octobre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36966"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-36957 du 19 octobre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36957"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2022-36958 du 19 octobre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36958"
        }
      ]
    }

    CERTFR-2022-AVI-864

    Vulnerability from certfr_avis - Published: 2022-09-29 - Updated: 2022-09-29

    De multiples vulnérabilités ont été découvertes dans les produits SolarWinds. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    SolarWinds N/A Hybrid Cloud Observability versions antérieures à 2022.3
    SolarWinds Orion Platform SolarWinds Platform (anciennement Orion Platform) versions antérieures à 2022.3
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Hybrid Cloud Observability versions ant\u00e9rieures \u00e0 2022.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "SolarWinds Platform (anciennement Orion Platform) versions ant\u00e9rieures \u00e0 2022.3",
          "product": {
            "name": "Orion Platform",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2022-36965",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36965"
        },
        {
          "name": "CVE-2022-36961",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36961"
        },
        {
          "name": "CVE-2021-35226",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35226"
        }
      ],
      "initial_release_date": "2022-09-29T00:00:00",
      "last_revision_date": "2022-09-29T00:00:00",
      "links": [],
      "reference": "CERTFR-2022-AVI-864",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-09-29T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSolarWinds. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SolarWinds",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds du 28 septembre 2022",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226"
        }
      ]
    }

    CERTFR-2021-AVI-679

    Vulnerability from certfr_avis - Published: 2021-09-07 - Updated: 2021-09-07

    De multiples vulnérabilités ont été découvertes dans les produits SolarWinds. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    SolarWinds Serv-U Serv-U versions antérieures à 15.2.4
    SolarWinds N/A Patch Manager versions antérieures à 2020.2.6 HF1
    SolarWinds Orion Platform Orion Platform versions antérieures à 2020.2.6 HF1
    SolarWinds Web Help Desk Web Help Desk versions antérieures à 12.7.6

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Serv-U versions ant\u00e9rieures \u00e0 15.2.4",
          "product": {
            "name": "Serv-U",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "Patch Manager versions ant\u00e9rieures \u00e0 2020.2.6 HF1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "Orion Platform versions ant\u00e9rieures \u00e0 2020.2.6 HF1",
          "product": {
            "name": "Orion Platform",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        },
        {
          "description": "Web Help Desk versions ant\u00e9rieures \u00e0 12.7.6",
          "product": {
            "name": "Web Help Desk",
            "vendor": {
              "name": "SolarWinds",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [],
      "initial_release_date": "2021-09-07T00:00:00",
      "last_revision_date": "2021-09-07T00:00:00",
      "links": [],
      "reference": "CERTFR-2021-AVI-679",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2021-09-07T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSolarWinds. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une injection de code indirecte \u00e0 distance (XSS).\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SolarWinds",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2021-35239 du 15 juillet 2021",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35239"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2021-35221 du 15 juillet 2021",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35221"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2021-35220 du 15 juillet 2021",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35220"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2021-32076 du 20 ao\u00fbt 2021",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2021-35240 du 20 juillet 2021",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35240"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2021-35238 du 20 juillet 2021",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2021-35223 du 20 ao\u00fbt 2021",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2021-35222 du 15 juillet 2021",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35222"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2021-35217 du 20 ao\u00fbt 2021",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2021-35219 du 15 juillet 2021",
          "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35219"
        }
      ]
    }

    CVE-2022-36964 (GCVE-0-2022-36964)

    Vulnerability from nvd – Published: 2022-11-29 20:47 – Updated: 2025-04-25 14:41
    VLAI
    Title
    SolarWinds Platform Deserialization of Untrusted Data
    Summary
    SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: 2022.3 and prior versions , ≤ 2022.3 (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: 2020.2.6 HF5 and prior versions , ≤ 2020.2.6 HF5 (custom)
    Create a notification for this product.
    Date Public
    2022-11-22 00:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.335Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36964"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36964",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T14:41:05.258353Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T14:41:14.527Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2022.3",
                  "status": "affected",
                  "version": "2022.3 and prior versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5",
                  "status": "affected",
                  "version": "2020.2.6 HF5 and prior versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-29T00:00:00.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
            },
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36964"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2022.4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SolarWinds Platform Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36964",
        "datePublished": "2022-11-29T20:47:49.978Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-04-25T14:41:14.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36962 (GCVE-0-2022-36962)

    Vulnerability from nvd – Published: 2022-11-29 20:46 – Updated: 2025-04-25 14:42
    VLAI
    Title
    SolarWinds Platform Command Injection
    Summary
    SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: 2022.3 and prior versions , ≤ 2022.3 (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: 2020.2.6 HF5 and prior versions , ≤ 2020.2.6 HF5 (custom)
    Create a notification for this product.
    Date Public
    2022-11-22 00:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36962"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36962",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T14:41:52.205145Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T14:42:00.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2022.3",
                  "status": "affected",
                  "version": "2022.3 and prior versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5",
                  "status": "affected",
                  "version": "2020.2.6 HF5 and prior versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-29T00:00:00.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
            },
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36962"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2022.4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SolarWinds Platform Command Injection",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36962",
        "datePublished": "2022-11-29T20:46:18.482Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-04-25T14:42:00.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36960 (GCVE-0-2022-36960)

    Vulnerability from nvd – Published: 2022-11-29 20:43 – Updated: 2025-04-24 17:46
    VLAI
    Title
    SolarWinds Platform Improper Input Validation
    Summary
    SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: 2022.3 and prior versions , < 2022.3 (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: 2020.2.6 HF5 and prior versions , ≤ 2020.2.6 HF5 (custom)
    Create a notification for this product.
    Date Public
    2022-11-21 16:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36960"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T17:46:32.884693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T17:46:45.937Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2022.3",
                  "status": "affected",
                  "version": "2022.3 and prior versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5",
                  "status": "affected",
                  "version": "2020.2.6 HF5 and prior versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-11-21T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.\u003c/p\u003e"
                }
              ],
              "value": "SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T20:34:08.739Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36960"
            },
            {
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAll SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2022.4\u003c/p\u003e"
                }
              ],
              "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2022.4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SolarWinds Platform Improper Input Validation",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36960",
        "datePublished": "2022-11-29T20:43:38.388Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-04-24T17:46:45.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38108 (GCVE-0-2022-38108)

    Vulnerability from nvd – Published: 2022-10-20 20:11 – Updated: 2025-05-08 15:22
    VLAI
    Title
    SolarWinds Platform Deserialization of Untrusted Data
    Summary
    SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: unspecified , ≤ 2022.3 and prior versions (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: unspecified , ≤ 2020.2.6 HF5 and prior versions (custom)
    Create a notification for this product.
    Date Public
    2022-10-19 00:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.518Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38108"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17531"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171567/SolarWinds-Information-Service-SWIS-Remote-Command-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38108",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:22:04.833139Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-08T15:22:21.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://packetstorm.news/files/id/171567"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2022.3 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-28T00:00:00.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38108"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17531"
            },
            {
              "url": "http://packetstormsecurity.com/files/171567/SolarWinds-Information-Service-SWIS-Remote-Command-Execution.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SolarWinds Platform Deserialization of Untrusted Data",
          "workarounds": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as it becomes available. The expected RC release is at the end of October. SolarWinds also recommends that customers follow the guidance provided in the SolarWinds Secure Configuration Guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm). Ensure only authorized users can access the SolarWinds Platform. Special attention should be given to the following points from documentation:  \n\u2022\tBe careful not to expose your SolarWinds Platform website on the public Internet. If you must enable outbound Internet access from SolarWinds Servers, create a strict allow list and block all other traffic. See SolarWinds Platform Product Features Affected by Internet Access (https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-Product-Features-Affected-by-Internet-Access). \n\u2022\tDisable unnecessary ports, protocols, and services on your host operating system and on applications, like SQL Server. For more details, see the SolarWinds Port Requirements guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-solarwinds-port-requirements.htm) and Best practices for configuring Windows Defender Firewall (\u00a9 2021 Microsoft, available at https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring, obtained on January 13, 2021.) \n\u2022\tApply proper segmentation controls on the network where you have deployed the SolarWinds Platform and SQL Server instances. \n\u2022\tConfigure the firewall for the main polling engine to limit and restrict all inbound and outbound access for port 5671. Port 5671 should only communicate to your other SolarWinds Servers (in case of High Availability, both Active and Standby Primary Polling Engine Servers). You can check these by querying the OrionServers table in the SolarWinds Platform database. Ensure this rule is updated when the configuration of SolarWinds Platform changes, for example when you add new servers."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-38108",
        "datePublished": "2022-10-20T20:11:25.181Z",
        "dateReserved": "2022-08-09T00:00:00.000Z",
        "dateUpdated": "2025-05-08T15:22:21.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36958 (GCVE-0-2022-36958)

    Vulnerability from nvd – Published: 2022-10-20 20:10 – Updated: 2025-05-08 13:25
    VLAI
    Title
    SolarWinds Platform Deserialization of Untrusted Data
    Summary
    SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: unspecified , ≤ 2022.3 and prior versions (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: unspecified , ≤ 2020.2.6 HF5 and prior versions (custom)
    Create a notification for this product.
    Date Public
    2022-10-19 00:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36958",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T13:25:42.786016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-08T13:25:48.824Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2022.3 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-20T00:00:00.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SolarWinds Platform Deserialization of Untrusted Data",
          "workarounds": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as it becomes available. The expected RC release is at the end of October. SolarWinds also recommends that customers follow the guidance provided in the SolarWinds Secure Configuration Guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm). Ensure only authorized users can access the SolarWinds Platform."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36958",
        "datePublished": "2022-10-20T20:10:01.367Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-08T13:25:48.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36957 (GCVE-0-2022-36957)

    Vulnerability from nvd – Published: 2022-10-20 20:08 – Updated: 2025-05-05 20:01
    VLAI
    Title
    SolarWinds Platform Deserialization of Untrusted Data
    Summary
    SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: unspecified , ≤ 2022.3 and prior versions (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: unspecified , ≤ 2020.2.6 HF5 and prior versions (custom)
    Create a notification for this product.
    Date Public
    2022-10-19 00:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36957"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17530"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36957",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-05T20:01:13.076756Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T20:01:34.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2022.3 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-20T00:00:00.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36957"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17530"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SolarWinds Platform Deserialization of Untrusted Data",
          "workarounds": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as it becomes available. The expected RC release is at the end of October. SolarWinds also recommends that customers follow the guidance provided in the SolarWinds Secure Configuration Guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm). Ensure only authorized users can access the SolarWinds Platform. Special attention should be given to the following points from documentation:  \n\u2022\tBe careful not to expose your SolarWinds Platform website on the public Internet. If you must enable outbound Internet access from SolarWinds Servers, create a strict allow list and block all other traffic. See SolarWinds Platform Product Features Affected by Internet Access (https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-Product-Features-Affected-by-Internet-Access). \n\u2022\tDisable unnecessary ports, protocols, and services on your host operating system and on applications, like SQL Server. For more details, see the SolarWinds Port Requirements guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-solarwinds-port-requirements.htm) and Best practices for configuring Windows Defender Firewall (\u00a9 2021 Microsoft, available at https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring, obtained on January 13, 2021.) \n\u2022\tApply proper segmentation controls on the network where you have deployed the SolarWinds Platform and SQL Server instances. \n\u2022\tConfigure the firewall for the main polling engine to limit and restrict all inbound and outbound access for port 5671. Port 5671 should only communicate to your other SolarWinds Servers (in case of High Availability, both Active and Standby Primary Polling Engine Servers). You can check these by querying the OrionServers table in the SolarWinds Platform database. Ensure this rule is updated when the configuration of SolarWinds Platform changes, for example when you add new servers."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36957",
        "datePublished": "2022-10-20T20:08:04.993Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-05T20:01:34.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36965 (GCVE-0-2022-36965)

    Vulnerability from nvd – Published: 2022-09-30 16:45 – Updated: 2025-05-20 16:14
    VLAI
    Title
    Stored and DOM XSS in QoE Applications: Orion Platform
    Summary
    Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Stored and DOM XSS in QoE Applications: Orion Platform
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2020.2.6 and previous versions , < 2022.3.0 (custom)
    Create a notification for this product.
    Date Public
    2022-09-27 16:00
    Credits
    Shashank Chaurasia
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36965",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T16:14:53.697114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T16:14:58.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2022.3.0",
                  "status": "affected",
                  "version": "2020.2.6 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Shashank Chaurasia"
            }
          ],
          "datePublic": "2022-09-27T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).\u003c/p\u003e"
                }
              ],
              "value": "Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored and DOM XSS in QoE Applications: Orion Platform",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T16:55:34.626Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform"
            }
          ],
          "source": {
            "defect": [
              "CVE-2022-36965"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Stored and DOM XSS in QoE Applications: Orion Platform",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "SolarWinds",
              "ASSIGNER": "psirt@solarwinds.com",
              "DATE_PUBLIC": "2022-09-28T10:25:00.000Z",
              "ID": "CVE-2022-36965",
              "STATE": "PUBLIC",
              "TITLE": "Stored and DOM XSS in QoE Applications: Orion Platform"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "2020.2.6 and previous versions",
                                "version_value": "2022.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Shashank Chaurasia"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0)."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored and DOM XSS in QoE Applications: Orion Platform"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965",
                  "refsource": "CONFIRM",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965"
                },
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes,issues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform",
                  "refsource": "CONFIRM",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes,issues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform"
                }
              ]
            },
            "source": {
              "defect": [
                "CVE-2022-36965"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36965",
        "datePublished": "2022-09-30T16:45:24.996Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-20T16:14:58.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36961 (GCVE-0-2022-36961)

    Vulnerability from nvd – Published: 2022-09-30 16:06 – Updated: 2025-05-20 16:01
    VLAI
    Title
    Orion Platform SQL Injection Privilege Escalation Vulnerability
    Summary
    A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2022.2.3 and previous versions , < 2022.2.3 (custom)
    Create a notification for this product.
    Date Public
    2022-09-27 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36961",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T16:01:28.039621Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T16:01:34.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2022.2.3",
                  "status": "affected",
                  "version": "2022.2.3 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-09-27T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T16:46:36.401Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAll SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)\u003c/p\u003e"
                }
              ],
              "value": "All SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)"
            }
          ],
          "source": {
            "defect": [
              "CVE-2022-36961"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Orion Platform SQL Injection Privilege Escalation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@solarwinds.com",
              "DATE_PUBLIC": "2022-09-28T14:35:00.000Z",
              "ID": "CVE-2022-36961",
              "STATE": "PUBLIC",
              "TITLE": "Orion Platform SQL Injection Privilege Escalation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2022.2.3 and previous versions",
                                "version_value": "2022.2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961",
                  "refsource": "CONFIRM",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961"
                },
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm",
                  "refsource": "CONFIRM",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "All SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)"
              }
            ],
            "source": {
              "defect": [
                "CVE-2022-36961"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36961",
        "datePublished": "2022-09-30T16:06:10.288Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-20T16:01:34.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35244 (GCVE-0-2021-35244)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-09-16 22:10
    VLAI
    Title
    Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6
    Summary
    The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
    CWE
    • https://cwe.mitre.org/data/definitions/1031.html
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2020.2.6 HF 2 and previous versions , < 2020.2.6 HF 3 (custom)
    Create a notification for this product.
    Date Public
    2021-12-20 00:00
    Credits
    dibs working with Trend Micro's Zero Day Initiative.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:33:51.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-375/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2020.2.6 HF 3",
                  "status": "affected",
                  "version": "2020.2.6 HF 2 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "dibs working with Trend Micro\u0027s Zero Day Initiative."
            }
          ],
          "datePublic": "2021-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \"Log alert to a file\" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "https://cwe.mitre.org/data/definitions/1031.html",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-16T18:06:19.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-375/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds recommends\u202fcustomers upgrade to the latest version once it becomes generally available."
            }
          ],
          "source": {
            "defect": [
              "CVE-2021-35244"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6",
          "workarounds": [
            {
              "lang": "en",
              "value": "If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:\nhttps://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Unrestricted-File-Upload-Causing-Remote-Code-Execution-Vulnerability-CVE-2021-35244"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@solarwinds.com",
              "DATE_PUBLIC": "2021-12-20T10:51:00.000Z",
              "ID": "CVE-2021-35244",
              "STATE": "PUBLIC",
              "TITLE": "Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "2020.2.6 HF 2 and previous versions",
                                "version_value": "2020.2.6 HF 3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "dibs working with Trend Micro\u0027s Zero Day Initiative."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \"Log alert to a file\" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "https://cwe.mitre.org/data/definitions/1031.html"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242",
                  "refsource": "MISC",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242"
                },
                {
                  "name": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"
                },
                {
                  "name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US",
                  "refsource": "MISC",
                  "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-375/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-375/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "SolarWinds recommends\u202fcustomers upgrade to the latest version once it becomes generally available."
              }
            ],
            "source": {
              "defect": [
                "CVE-2021-35244"
              ],
              "discovery": "UNKNOWN"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:\nhttps://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Unrestricted-File-Upload-Causing-Remote-Code-Execution-Vulnerability-CVE-2021-35244"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2021-35244",
        "datePublished": "2021-12-20T20:08:24.786Z",
        "dateReserved": "2021-06-22T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:10:26.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35217 (GCVE-0-2021-35217)

    Vulnerability from nvd – Published: 2021-09-08 13:15 – Updated: 2024-09-16 20:58
    VLAI
    Title
    Insecure Deserialization of untrusted data causing Remote code execution vulnerability.
    Summary
    Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
    CWE
    • Insecure Deserialization of untrusted data causing Remote code execution vulnerability.
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2020.2.5 and previous versions , < 2020.2.6 (custom)
    Create a notification for this product.
    Date Public
    2021-09-02 00:00
    Credits
    Jangggggg working with Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:33:51.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1247/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2020.2.6",
                  "status": "affected",
                  "version": "2020.2.5 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jangggggg working with Trend Micro Zero Day Initiative"
            }
          ],
          "datePublic": "2021-09-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-28T11:06:23.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1247/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds  recommends  upgrading  to  both  the  latest  version  of Patch Manager and Orion Integration Module as soon as it becomes available."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@solarwinds.com",
              "DATE_PUBLIC": "2021-09-02T13:14:00.000Z",
              "ID": "CVE-2021-35217",
              "STATE": "PUBLIC",
              "TITLE": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2020.2.5 and previous versions",
                                "version_value": "2020.2.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jangggggg working with Trend Micro Zero Day Initiative"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
                },
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
                },
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217",
                  "refsource": "MISC",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1247/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1247/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "SolarWinds  recommends  upgrading  to  both  the  latest  version  of Patch Manager and Orion Integration Module as soon as it becomes available."
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2021-35217",
        "datePublished": "2021-09-08T13:15:03.615Z",
        "dateReserved": "2021-06-22T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:58:13.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35215 (GCVE-0-2021-35215)

    Vulnerability from nvd – Published: 2021-09-01 14:21 – Updated: 2024-09-16 19:52
    VLAI
    Title
    ActionPluginBaseView Deserialization of Untrusted Data RCE
    Summary
    Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2020.2.5 and previous versions , < 2020.2.6 (custom)
    Create a notification for this product.
    Date Public
    2021-07-15 00:00
    Credits
    Jangggggg working with Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:33:51.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2020.2.6",
                  "status": "affected",
                  "version": "2020.2.5 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jangggggg working with Trend Micro Zero Day Initiative"
            }
          ],
          "datePublic": "2021-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-28T11:06:20.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Customers are advised to update to Orion Platform 2020.2.6 once it becomes available,"
            }
          ],
          "source": {
            "defect": [
              "CVE-2021-35215"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "ActionPluginBaseView Deserialization of Untrusted Data RCE",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@solarwinds.com",
              "DATE_PUBLIC": "2021-07-15T16:08:00.000Z",
              "ID": "CVE-2021-35215",
              "STATE": "PUBLIC",
              "TITLE": "ActionPluginBaseView Deserialization of Untrusted Data RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "2020.2.5 and previous versions",
                                "version_value": "2020.2.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jangggggg working with Trend Micro Zero Day Initiative"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502 Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
                },
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215",
                  "refsource": "MISC",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215"
                },
                {
                  "name": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Customers are advised to update to Orion Platform 2020.2.6 once it becomes available,"
              }
            ],
            "source": {
              "defect": [
                "CVE-2021-35215"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2021-35215",
        "datePublished": "2021-09-01T14:21:46.258Z",
        "dateReserved": "2021-06-22T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:52:15.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35238 (GCVE-0-2021-35238)

    Vulnerability from nvd – Published: 2021-09-01 11:02 – Updated: 2024-08-04 00:33
    VLAI
    Title
    Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability
    Summary
    User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2020.2.6 and previous versions , < 2020.2.6 HF1 (custom)
    Create a notification for this product.
    Credits
    SolarWinds would like to thank Kajetan Rostojek for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:33:51.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2020.2.6 HF1",
                  "status": "affected",
                  "version": "2020.2.6 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Kajetan Rostojek for reporting on the issue in a responsible manner."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-02T19:02:44.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds recommends installing 2020.2.6 Hotfix 1 for the Orion Platform as soon as it becomes available. All customers should implement all the recommendations from the Orion Secure Configuration Guide."
            }
          ],
          "source": {
            "defect": [
              "CVE-2021-35238"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@solarwinds.com",
              "ID": "CVE-2021-35238",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "2020.2.6 and previous versions",
                                "version_value": "2020.2.6 HF1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "SolarWinds would like to thank Kajetan Rostojek for reporting on the issue in a responsible manner."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
                },
                {
                  "name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US",
                  "refsource": "MISC",
                  "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US"
                },
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238",
                  "refsource": "MISC",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238"
                },
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
                },
                {
                  "name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US",
                  "refsource": "MISC",
                  "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US"
                },
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238",
                  "refsource": "MISC",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "SolarWinds recommends installing 2020.2.6 Hotfix 1 for the Orion Platform as soon as it becomes available. All customers should implement all the recommendations from the Orion Secure Configuration Guide."
              }
            ],
            "source": {
              "defect": [
                "CVE-2021-35238"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2021-35238",
        "datePublished": "2021-09-01T11:02:35.000Z",
        "dateReserved": "2021-06-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:33:51.272Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35212 (GCVE-0-2021-35212)

    Vulnerability from nvd – Published: 2021-08-31 17:00 – Updated: 2024-08-04 00:33
    VLAI
    Title
    Blind SQL injection Vulnerability
    Summary
    An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.
    CWE
    • Blind SQL injection Vulnerability
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2020.2.5 and previous versions , < 2020.2.5 HF1 (custom)
    Create a notification for this product.
    Credits
    SolarWinds would like to thank Anonymous working with Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:33:51.205Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1243/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2020.2.5 HF1",
                  "status": "affected",
                  "version": "2020.2.5 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Anonymous working with Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Blind SQL injection Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-28T11:06:15.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1243/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds has identified a fix for this vulnerability and included the fix in Orion Platform 2020.2.5 Hotfix 1 and, In addition, backported the fixes to Orion Platform 2019.4.2 and 2019.2 HF4,respectively."
            }
          ],
          "source": {
            "defect": [
              "CVE-2021-35212"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Blind SQL injection Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@solarwinds.com",
              "ID": "CVE-2021-35212",
              "STATE": "PUBLIC",
              "TITLE": "Blind SQL injection Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2020.2.5 and previous versions",
                                "version_value": "2020.2.5 HF1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "SolarWinds would like to thank Anonymous working with Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Blind SQL injection Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
                },
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
                },
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212",
                  "refsource": "MISC",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1243/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1243/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "SolarWinds has identified a fix for this vulnerability and included the fix in Orion Platform 2020.2.5 Hotfix 1 and, In addition, backported the fixes to Orion Platform 2019.4.2 and 2019.2 HF4,respectively."
              }
            ],
            "source": {
              "defect": [
                "CVE-2021-35212"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2021-35212",
        "datePublished": "2021-08-31T17:00:15.000Z",
        "dateReserved": "2021-06-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:33:51.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36964 (GCVE-0-2022-36964)

    Vulnerability from cvelistv5 – Published: 2022-11-29 20:47 – Updated: 2025-04-25 14:41
    VLAI
    Title
    SolarWinds Platform Deserialization of Untrusted Data
    Summary
    SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: 2022.3 and prior versions , ≤ 2022.3 (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: 2020.2.6 HF5 and prior versions , ≤ 2020.2.6 HF5 (custom)
    Create a notification for this product.
    Date Public
    2022-11-22 00:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.335Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36964"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36964",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T14:41:05.258353Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T14:41:14.527Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2022.3",
                  "status": "affected",
                  "version": "2022.3 and prior versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5",
                  "status": "affected",
                  "version": "2020.2.6 HF5 and prior versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-29T00:00:00.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
            },
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36964"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2022.4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SolarWinds Platform Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36964",
        "datePublished": "2022-11-29T20:47:49.978Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-04-25T14:41:14.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36962 (GCVE-0-2022-36962)

    Vulnerability from cvelistv5 – Published: 2022-11-29 20:46 – Updated: 2025-04-25 14:42
    VLAI
    Title
    SolarWinds Platform Command Injection
    Summary
    SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: 2022.3 and prior versions , ≤ 2022.3 (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: 2020.2.6 HF5 and prior versions , ≤ 2020.2.6 HF5 (custom)
    Create a notification for this product.
    Date Public
    2022-11-22 00:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36962"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36962",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T14:41:52.205145Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T14:42:00.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2022.3",
                  "status": "affected",
                  "version": "2022.3 and prior versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5",
                  "status": "affected",
                  "version": "2020.2.6 HF5 and prior versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-29T00:00:00.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
            },
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36962"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2022.4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SolarWinds Platform Command Injection",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36962",
        "datePublished": "2022-11-29T20:46:18.482Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-04-25T14:42:00.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36960 (GCVE-0-2022-36960)

    Vulnerability from cvelistv5 – Published: 2022-11-29 20:43 – Updated: 2025-04-24 17:46
    VLAI
    Title
    SolarWinds Platform Improper Input Validation
    Summary
    SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: 2022.3 and prior versions , < 2022.3 (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: 2020.2.6 HF5 and prior versions , ≤ 2020.2.6 HF5 (custom)
    Create a notification for this product.
    Date Public
    2022-11-21 16:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36960"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T17:46:32.884693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T17:46:45.937Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2022.3",
                  "status": "affected",
                  "version": "2022.3 and prior versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5",
                  "status": "affected",
                  "version": "2020.2.6 HF5 and prior versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-11-21T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.\u003c/p\u003e"
                }
              ],
              "value": "SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T20:34:08.739Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36960"
            },
            {
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAll SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2022.4\u003c/p\u003e"
                }
              ],
              "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2022.4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SolarWinds Platform Improper Input Validation",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36960",
        "datePublished": "2022-11-29T20:43:38.388Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-04-24T17:46:45.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38108 (GCVE-0-2022-38108)

    Vulnerability from cvelistv5 – Published: 2022-10-20 20:11 – Updated: 2025-05-08 15:22
    VLAI
    Title
    SolarWinds Platform Deserialization of Untrusted Data
    Summary
    SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: unspecified , ≤ 2022.3 and prior versions (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: unspecified , ≤ 2020.2.6 HF5 and prior versions (custom)
    Create a notification for this product.
    Date Public
    2022-10-19 00:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.518Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38108"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17531"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171567/SolarWinds-Information-Service-SWIS-Remote-Command-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38108",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:22:04.833139Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-08T15:22:21.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://packetstorm.news/files/id/171567"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2022.3 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-28T00:00:00.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38108"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17531"
            },
            {
              "url": "http://packetstormsecurity.com/files/171567/SolarWinds-Information-Service-SWIS-Remote-Command-Execution.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SolarWinds Platform Deserialization of Untrusted Data",
          "workarounds": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as it becomes available. The expected RC release is at the end of October. SolarWinds also recommends that customers follow the guidance provided in the SolarWinds Secure Configuration Guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm). Ensure only authorized users can access the SolarWinds Platform. Special attention should be given to the following points from documentation:  \n\u2022\tBe careful not to expose your SolarWinds Platform website on the public Internet. If you must enable outbound Internet access from SolarWinds Servers, create a strict allow list and block all other traffic. See SolarWinds Platform Product Features Affected by Internet Access (https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-Product-Features-Affected-by-Internet-Access). \n\u2022\tDisable unnecessary ports, protocols, and services on your host operating system and on applications, like SQL Server. For more details, see the SolarWinds Port Requirements guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-solarwinds-port-requirements.htm) and Best practices for configuring Windows Defender Firewall (\u00a9 2021 Microsoft, available at https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring, obtained on January 13, 2021.) \n\u2022\tApply proper segmentation controls on the network where you have deployed the SolarWinds Platform and SQL Server instances. \n\u2022\tConfigure the firewall for the main polling engine to limit and restrict all inbound and outbound access for port 5671. Port 5671 should only communicate to your other SolarWinds Servers (in case of High Availability, both Active and Standby Primary Polling Engine Servers). You can check these by querying the OrionServers table in the SolarWinds Platform database. Ensure this rule is updated when the configuration of SolarWinds Platform changes, for example when you add new servers."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-38108",
        "datePublished": "2022-10-20T20:11:25.181Z",
        "dateReserved": "2022-08-09T00:00:00.000Z",
        "dateUpdated": "2025-05-08T15:22:21.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36958 (GCVE-0-2022-36958)

    Vulnerability from cvelistv5 – Published: 2022-10-20 20:10 – Updated: 2025-05-08 13:25
    VLAI
    Title
    SolarWinds Platform Deserialization of Untrusted Data
    Summary
    SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: unspecified , ≤ 2022.3 and prior versions (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: unspecified , ≤ 2020.2.6 HF5 and prior versions (custom)
    Create a notification for this product.
    Date Public
    2022-10-19 00:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36958",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T13:25:42.786016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-08T13:25:48.824Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2022.3 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-20T00:00:00.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SolarWinds Platform Deserialization of Untrusted Data",
          "workarounds": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as it becomes available. The expected RC release is at the end of October. SolarWinds also recommends that customers follow the guidance provided in the SolarWinds Secure Configuration Guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm). Ensure only authorized users can access the SolarWinds Platform."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36958",
        "datePublished": "2022-10-20T20:10:01.367Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-08T13:25:48.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36957 (GCVE-0-2022-36957)

    Vulnerability from cvelistv5 – Published: 2022-10-20 20:08 – Updated: 2025-05-05 20:01
    VLAI
    Title
    SolarWinds Platform Deserialization of Untrusted Data
    Summary
    SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds SolarWinds Platform Affected: unspecified , ≤ 2022.3 and prior versions (custom)
    Create a notification for this product.
    SolarWinds Orion Platform Affected: unspecified , ≤ 2020.2.6 HF5 and prior versions (custom)
    Create a notification for this product.
    Date Public
    2022-10-19 00:00
    Credits
    SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36957"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17530"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36957",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-05T20:01:13.076756Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T20:01:34.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SolarWinds Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2022.3 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThanOrEqual": "2020.2.6 HF5 and prior versions",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-20T00:00:00.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36957"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17530"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SolarWinds Platform Deserialization of Untrusted Data",
          "workarounds": [
            {
              "lang": "en",
              "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as it becomes available. The expected RC release is at the end of October. SolarWinds also recommends that customers follow the guidance provided in the SolarWinds Secure Configuration Guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm). Ensure only authorized users can access the SolarWinds Platform. Special attention should be given to the following points from documentation:  \n\u2022\tBe careful not to expose your SolarWinds Platform website on the public Internet. If you must enable outbound Internet access from SolarWinds Servers, create a strict allow list and block all other traffic. See SolarWinds Platform Product Features Affected by Internet Access (https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-Product-Features-Affected-by-Internet-Access). \n\u2022\tDisable unnecessary ports, protocols, and services on your host operating system and on applications, like SQL Server. For more details, see the SolarWinds Port Requirements guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-solarwinds-port-requirements.htm) and Best practices for configuring Windows Defender Firewall (\u00a9 2021 Microsoft, available at https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring, obtained on January 13, 2021.) \n\u2022\tApply proper segmentation controls on the network where you have deployed the SolarWinds Platform and SQL Server instances. \n\u2022\tConfigure the firewall for the main polling engine to limit and restrict all inbound and outbound access for port 5671. Port 5671 should only communicate to your other SolarWinds Servers (in case of High Availability, both Active and Standby Primary Polling Engine Servers). You can check these by querying the OrionServers table in the SolarWinds Platform database. Ensure this rule is updated when the configuration of SolarWinds Platform changes, for example when you add new servers."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36957",
        "datePublished": "2022-10-20T20:08:04.993Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-05T20:01:34.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36965 (GCVE-0-2022-36965)

    Vulnerability from cvelistv5 – Published: 2022-09-30 16:45 – Updated: 2025-05-20 16:14
    VLAI
    Title
    Stored and DOM XSS in QoE Applications: Orion Platform
    Summary
    Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Stored and DOM XSS in QoE Applications: Orion Platform
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2020.2.6 and previous versions , < 2022.3.0 (custom)
    Create a notification for this product.
    Date Public
    2022-09-27 16:00
    Credits
    Shashank Chaurasia
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36965",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T16:14:53.697114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T16:14:58.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2022.3.0",
                  "status": "affected",
                  "version": "2020.2.6 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Shashank Chaurasia"
            }
          ],
          "datePublic": "2022-09-27T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).\u003c/p\u003e"
                }
              ],
              "value": "Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored and DOM XSS in QoE Applications: Orion Platform",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T16:55:34.626Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform"
            }
          ],
          "source": {
            "defect": [
              "CVE-2022-36965"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Stored and DOM XSS in QoE Applications: Orion Platform",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "SolarWinds",
              "ASSIGNER": "psirt@solarwinds.com",
              "DATE_PUBLIC": "2022-09-28T10:25:00.000Z",
              "ID": "CVE-2022-36965",
              "STATE": "PUBLIC",
              "TITLE": "Stored and DOM XSS in QoE Applications: Orion Platform"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "2020.2.6 and previous versions",
                                "version_value": "2022.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Shashank Chaurasia"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0)."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored and DOM XSS in QoE Applications: Orion Platform"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965",
                  "refsource": "CONFIRM",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965"
                },
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes,issues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform",
                  "refsource": "CONFIRM",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes,issues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform"
                }
              ]
            },
            "source": {
              "defect": [
                "CVE-2022-36965"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36965",
        "datePublished": "2022-09-30T16:45:24.996Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-20T16:14:58.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36961 (GCVE-0-2022-36961)

    Vulnerability from cvelistv5 – Published: 2022-09-30 16:06 – Updated: 2025-05-20 16:01
    VLAI
    Title
    Orion Platform SQL Injection Privilege Escalation Vulnerability
    Summary
    A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2022.2.3 and previous versions , < 2022.2.3 (custom)
    Create a notification for this product.
    Date Public
    2022-09-27 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36961",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T16:01:28.039621Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T16:01:34.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2022.2.3",
                  "status": "affected",
                  "version": "2022.2.3 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-09-27T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T16:46:36.401Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAll SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)\u003c/p\u003e"
                }
              ],
              "value": "All SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)"
            }
          ],
          "source": {
            "defect": [
              "CVE-2022-36961"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Orion Platform SQL Injection Privilege Escalation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@solarwinds.com",
              "DATE_PUBLIC": "2022-09-28T14:35:00.000Z",
              "ID": "CVE-2022-36961",
              "STATE": "PUBLIC",
              "TITLE": "Orion Platform SQL Injection Privilege Escalation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2022.2.3 and previous versions",
                                "version_value": "2022.2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961",
                  "refsource": "CONFIRM",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961"
                },
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm",
                  "refsource": "CONFIRM",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "All SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)"
              }
            ],
            "source": {
              "defect": [
                "CVE-2022-36961"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2022-36961",
        "datePublished": "2022-09-30T16:06:10.288Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-20T16:01:34.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35244 (GCVE-0-2021-35244)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-09-16 22:10
    VLAI
    Title
    Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6
    Summary
    The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
    CWE
    • https://cwe.mitre.org/data/definitions/1031.html
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2020.2.6 HF 2 and previous versions , < 2020.2.6 HF 3 (custom)
    Create a notification for this product.
    Date Public
    2021-12-20 00:00
    Credits
    dibs working with Trend Micro's Zero Day Initiative.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:33:51.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-375/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2020.2.6 HF 3",
                  "status": "affected",
                  "version": "2020.2.6 HF 2 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "dibs working with Trend Micro\u0027s Zero Day Initiative."
            }
          ],
          "datePublic": "2021-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \"Log alert to a file\" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "https://cwe.mitre.org/data/definitions/1031.html",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-16T18:06:19.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-375/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds recommends\u202fcustomers upgrade to the latest version once it becomes generally available."
            }
          ],
          "source": {
            "defect": [
              "CVE-2021-35244"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6",
          "workarounds": [
            {
              "lang": "en",
              "value": "If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:\nhttps://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Unrestricted-File-Upload-Causing-Remote-Code-Execution-Vulnerability-CVE-2021-35244"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@solarwinds.com",
              "DATE_PUBLIC": "2021-12-20T10:51:00.000Z",
              "ID": "CVE-2021-35244",
              "STATE": "PUBLIC",
              "TITLE": "Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "2020.2.6 HF 2 and previous versions",
                                "version_value": "2020.2.6 HF 3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "dibs working with Trend Micro\u0027s Zero Day Initiative."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \"Log alert to a file\" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "https://cwe.mitre.org/data/definitions/1031.html"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242",
                  "refsource": "MISC",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242"
                },
                {
                  "name": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"
                },
                {
                  "name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US",
                  "refsource": "MISC",
                  "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-375/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-375/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "SolarWinds recommends\u202fcustomers upgrade to the latest version once it becomes generally available."
              }
            ],
            "source": {
              "defect": [
                "CVE-2021-35244"
              ],
              "discovery": "UNKNOWN"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:\nhttps://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Unrestricted-File-Upload-Causing-Remote-Code-Execution-Vulnerability-CVE-2021-35244"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2021-35244",
        "datePublished": "2021-12-20T20:08:24.786Z",
        "dateReserved": "2021-06-22T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:10:26.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35217 (GCVE-0-2021-35217)

    Vulnerability from cvelistv5 – Published: 2021-09-08 13:15 – Updated: 2024-09-16 20:58
    VLAI
    Title
    Insecure Deserialization of untrusted data causing Remote code execution vulnerability.
    Summary
    Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
    CWE
    • Insecure Deserialization of untrusted data causing Remote code execution vulnerability.
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2020.2.5 and previous versions , < 2020.2.6 (custom)
    Create a notification for this product.
    Date Public
    2021-09-02 00:00
    Credits
    Jangggggg working with Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:33:51.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1247/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2020.2.6",
                  "status": "affected",
                  "version": "2020.2.5 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jangggggg working with Trend Micro Zero Day Initiative"
            }
          ],
          "datePublic": "2021-09-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-28T11:06:23.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1247/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds  recommends  upgrading  to  both  the  latest  version  of Patch Manager and Orion Integration Module as soon as it becomes available."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@solarwinds.com",
              "DATE_PUBLIC": "2021-09-02T13:14:00.000Z",
              "ID": "CVE-2021-35217",
              "STATE": "PUBLIC",
              "TITLE": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2020.2.5 and previous versions",
                                "version_value": "2020.2.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jangggggg working with Trend Micro Zero Day Initiative"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
                },
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
                },
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217",
                  "refsource": "MISC",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1247/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1247/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "SolarWinds  recommends  upgrading  to  both  the  latest  version  of Patch Manager and Orion Integration Module as soon as it becomes available."
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2021-35217",
        "datePublished": "2021-09-08T13:15:03.615Z",
        "dateReserved": "2021-06-22T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:58:13.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35215 (GCVE-0-2021-35215)

    Vulnerability from cvelistv5 – Published: 2021-09-01 14:21 – Updated: 2024-09-16 19:52
    VLAI
    Title
    ActionPluginBaseView Deserialization of Untrusted Data RCE
    Summary
    Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2020.2.5 and previous versions , < 2020.2.6 (custom)
    Create a notification for this product.
    Date Public
    2021-07-15 00:00
    Credits
    Jangggggg working with Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:33:51.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2020.2.6",
                  "status": "affected",
                  "version": "2020.2.5 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jangggggg working with Trend Micro Zero Day Initiative"
            }
          ],
          "datePublic": "2021-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-28T11:06:20.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Customers are advised to update to Orion Platform 2020.2.6 once it becomes available,"
            }
          ],
          "source": {
            "defect": [
              "CVE-2021-35215"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "ActionPluginBaseView Deserialization of Untrusted Data RCE",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@solarwinds.com",
              "DATE_PUBLIC": "2021-07-15T16:08:00.000Z",
              "ID": "CVE-2021-35215",
              "STATE": "PUBLIC",
              "TITLE": "ActionPluginBaseView Deserialization of Untrusted Data RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "2020.2.5 and previous versions",
                                "version_value": "2020.2.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jangggggg working with Trend Micro Zero Day Initiative"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502 Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
                },
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215",
                  "refsource": "MISC",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215"
                },
                {
                  "name": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Customers are advised to update to Orion Platform 2020.2.6 once it becomes available,"
              }
            ],
            "source": {
              "defect": [
                "CVE-2021-35215"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2021-35215",
        "datePublished": "2021-09-01T14:21:46.258Z",
        "dateReserved": "2021-06-22T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:52:15.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35238 (GCVE-0-2021-35238)

    Vulnerability from cvelistv5 – Published: 2021-09-01 11:02 – Updated: 2024-08-04 00:33
    VLAI
    Title
    Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability
    Summary
    User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    SolarWinds Orion Platform Affected: 2020.2.6 and previous versions , < 2020.2.6 HF1 (custom)
    Create a notification for this product.
    Credits
    SolarWinds would like to thank Kajetan Rostojek for reporting on the issue in a responsible manner.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:33:51.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Orion Platform",
              "vendor": "SolarWinds",
              "versions": [
                {
                  "lessThan": "2020.2.6 HF1",
                  "status": "affected",
                  "version": "2020.2.6 and previous versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SolarWinds would like to thank Kajetan Rostojek for reporting on the issue in a responsible manner."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-02T19:02:44.000Z",
            "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
            "shortName": "SolarWinds"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "SolarWinds recommends installing 2020.2.6 Hotfix 1 for the Orion Platform as soon as it becomes available. All customers should implement all the recommendations from the Orion Secure Configuration Guide."
            }
          ],
          "source": {
            "defect": [
              "CVE-2021-35238"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@solarwinds.com",
              "ID": "CVE-2021-35238",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Orion Platform",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "2020.2.6 and previous versions",
                                "version_value": "2020.2.6 HF1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SolarWinds"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "SolarWinds would like to thank Kajetan Rostojek for reporting on the issue in a responsible manner."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
                },
                {
                  "name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US",
                  "refsource": "MISC",
                  "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US"
                },
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238",
                  "refsource": "MISC",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238"
                },
                {
                  "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
                  "refsource": "MISC",
                  "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
                },
                {
                  "name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US",
                  "refsource": "MISC",
                  "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US"
                },
                {
                  "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238",
                  "refsource": "MISC",
                  "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "SolarWinds recommends installing 2020.2.6 Hotfix 1 for the Orion Platform as soon as it becomes available. All customers should implement all the recommendations from the Orion Secure Configuration Guide."
              }
            ],
            "source": {
              "defect": [
                "CVE-2021-35238"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "assignerShortName": "SolarWinds",
        "cveId": "CVE-2021-35238",
        "datePublished": "2021-09-01T11:02:35.000Z",
        "dateReserved": "2021-06-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:33:51.272Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }