Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6

CVE-2022-36966

5.4MEDIUM

Key Information

Vendor: Solarwinds
Status: Solarwinds Platform
Vendor: CVE Published:; 20 October 2022

Summary

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

Affected Version(s)

SolarWinds Platform < 2022.3

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 20, 2022
Vulnerability Reserved.
Jul 27, 2022

Collectors

NVD DatabaseMitre Database

Credit

Asim Liaquat