Client-Side Desync Vulnerability

CVE-2022-38114

6.1MEDIUM

Key Information

Vendor: Solarwinds
Status: Solarwinds Sem
Vendor: CVE Published:; 23 November 2022

Summary

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.

Affected Version(s)

SolarWinds SEM < 2022.4

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Nov 23, 2022
Vulnerability Reserved.
Aug 9, 2022

Collectors

NVD DatabaseMitre Database

Credit

SolarWinds would like to thank Ken Pyle of CYBIR for disclosing this vulnerability to us responsibly.