CVE-2022-36957
SolarWinds Platform Deserialization of Untrusted Data
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Platform era susceptible de una Deserialización de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso a la cuenta de nivel de administrador de Orion a la Consola Web de SolarWinds ejecutar comandos arbitrarios
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability.
The specific flaw exists within the PropertyBagJsonConverter. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-27 CVE Reserved
- 2022-10-20 CVE Published
- 2024-05-11 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-17530 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36957 | 2022-10-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Solarwinds Search vendor "Solarwinds" | Orion Platform Search vendor "Solarwinds" for product "Orion Platform" | < 2020.2.6 Search vendor "Solarwinds" for product "Orion Platform" and version " < 2020.2.6" | - |
Affected
| ||||||
| Solarwinds Search vendor "Solarwinds" | Orion Platform Search vendor "Solarwinds" for product "Orion Platform" | 2020.2.6 Search vendor "Solarwinds" for product "Orion Platform" and version "2020.2.6" | - |
Affected
| ||||||
| Solarwinds Search vendor "Solarwinds" | Orion Platform Search vendor "Solarwinds" for product "Orion Platform" | 2020.2.6 Search vendor "Solarwinds" for product "Orion Platform" and version "2020.2.6" | hotfix1 |
Affected
| ||||||
| Solarwinds Search vendor "Solarwinds" | Orion Platform Search vendor "Solarwinds" for product "Orion Platform" | 2020.2.6 Search vendor "Solarwinds" for product "Orion Platform" and version "2020.2.6" | hotfix2 |
Affected
| ||||||
| Solarwinds Search vendor "Solarwinds" | Orion Platform Search vendor "Solarwinds" for product "Orion Platform" | 2020.2.6 Search vendor "Solarwinds" for product "Orion Platform" and version "2020.2.6" | hotfix3 |
Affected
| ||||||
| Solarwinds Search vendor "Solarwinds" | Orion Platform Search vendor "Solarwinds" for product "Orion Platform" | 2020.2.6 Search vendor "Solarwinds" for product "Orion Platform" and version "2020.2.6" | hotfix4 |
Affected
| ||||||
| Solarwinds Search vendor "Solarwinds" | Orion Platform Search vendor "Solarwinds" for product "Orion Platform" | 2020.2.6 Search vendor "Solarwinds" for product "Orion Platform" and version "2020.2.6" | hotfix5 |
Affected
| ||||||
| Solarwinds Search vendor "Solarwinds" | Orion Platform Search vendor "Solarwinds" for product "Orion Platform" | 2022.2 Search vendor "Solarwinds" for product "Orion Platform" and version "2022.2" | - |
Affected
| ||||||
| Solarwinds Search vendor "Solarwinds" | Orion Platform Search vendor "Solarwinds" for product "Orion Platform" | 2022.3 Search vendor "Solarwinds" for product "Orion Platform" and version "2022.3" | - |
Affected
| ||||||