CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47512 – Sensitive Data Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-47512
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36965 – Stored and DOM XSS in QoE Applications: Orion Platform
https://notcve.org/view.php?id=CVE-2022-36965
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). Un saneo insuficiente de las entradas en el campo input de la aplicación QoE podría conllevar a un ataque de tipo XSS basado en el almacenamiento y en Dom. Este problema ha sido corregido y liberado en la plataforma SolarWinds (2022.3.0) • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •