Sensitive Data Disclosure Vulnerability

CVE-2022-47512

5.5MEDIUM

Key Information

Vendor: Solarwinds
Status: Hybrid Cloud Observability (hco)/ Solarwinds Platform
Vendor: CVE Published:; 19 December 2022

Summary

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected

Affected Version(s)

Hybrid Cloud Observability (HCO)/ SolarWinds Platform = SolarWinds 2022.4

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 19, 2022
Vulnerability Reserved.
Dec 15, 2022

Collectors

NVD DatabaseMitre Database

Credit

SolarWinds would like to thank our Thwack MVP's for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.