CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36957 – SolarWinds Platform Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-36957
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. SolarWinds Platform era susceptible de una Deserialización de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso a la cuenta de nivel de administrador de Orion a la Consola Web de SolarWinds ejecutar comandos arbitrarios This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the PropertyBagJsonConverter. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36957 https://www.zerodayinitiative.com/advisories/ZDI-CAN-17530 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36966 – Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6
https://notcve.org/view.php?id=CVE-2022-36966
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. Los usuarios con derechos de administración de nodos podían ver y editar todos los nodos debido a un control insuficiente del parámetro URL que causaba una vulnerabilidad de referencia directa a objetos insegura (IDOR) en SolarWinds Platform 2022.3 y anteriores • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36961 – Orion Platform SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-36961
A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. Un verbo usado en Orion era vulnerable a una inyección de SQL, un atacante autenticado podría aprovechar esto para la escalada de privilegios o una ejecución de código remota This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsDescriptions function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2021-35234 – Exposed Dangerous Functions - Privileged Escalation
https://notcve.org/view.php?id=CVE-2021-35234
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information. Numerosas funciones peligrosas expuestas dentro de Orion Core han permitido la inyección de SQL de sólo lectura conllevando a una escalada de privilegios. Un atacante con bajos privilegios de usuario puede robar los hashes de las contraseñas y la información de las sales de las contraseñas This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SendSyslog class. • https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3 https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35234 https://www.zerodayinitiative.com/advisories/ZDI-21-1596 https://www.zerodayinitiative.com/advisories/ZDI-21-1597 https://www.zerodayinitiative.com/advisories/ZDI-21-1598 https://www.zerodayinitiative.com/advisories/ZDI-21-1599 https://www.ze • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-35244 – Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6
https://notcve.org/view.php?id=CVE-2021-35244
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution. La acción "Log alert to a file" dentro de la administración de acciones permite a cualquier usuario de Orion Platform con derechos de administración de alertas de Orion escribir en cualquier archivo. Un atacante con derechos de administración de alertas de Orion podría usar esta vulnerabilidad para llevar a cabo una carga de archivos sin restricciones causando una ejecución de código remota This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of alert creation. • https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242 https://www.zerodayinitiative.com/advisories/ZDI-22-375 • CWE-434: Unrestricted Upload of File with Dangerous Type •