CVE-2022-36961 - OpenCVE

A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Solarwinds	Orion Platform

Configuration 1 [-]

cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*

References

Link	Resource
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm	Release Notes Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SolarWinds

Published: 2022-09-28T00:00:00

Updated: 2023-08-03T16:46:36.401Z

Reserved: 2022-07-27T00:00:00

Link: CVE-2022-36961

JSON object: View

NVD Information

Status : Modified

Published: 2022-09-30T17:15:13.010

Modified: 2023-08-03T17:15:10.840

Link: CVE-2022-36961

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Orion Platform ", "vendor": "SolarWinds", "versions": [{"lessThan": "2022.2.3", "status": "affected", "version": "2022.2.3 and previous versions", "versionType": "custom"}]}], "datePublic": "2022-09-27T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.</p>"}], "value": "A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2023-08-03T16:46:36.401Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>All SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)</p>"}], "value": "All SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)\n\n"}], "source": {"defect": ["CVE-2022-36961"], "discovery": "UNKNOWN"}, "title": "Orion Platform SQL Injection Privilege Escalation Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@solarwinds.com", "DATE_PUBLIC": "2022-09-28T14:35:00.000Z", "ID": "CVE-2022-36961", "STATE": "PUBLIC", "TITLE": "Orion Platform SQL Injection Privilege Escalation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Orion Platform ", "version": {"version_data": [{"version_affected": "<", "version_name": "2022.2.3 and previous versions", "version_value": "2022.2.3"}]}}]}, "vendor_name": "SolarWinds"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961", "refsource": "CONFIRM", "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961"}, {"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm", "refsource": "CONFIRM", "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm"}]}, "solution": [{"lang": "en", "value": "All SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)"}], "source": {"defect": ["CVE-2022-36961"], "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2022-36961", "datePublished": "2022-09-28T00:00:00", "dateReserved": "2022-07-27T00:00:00", "dateUpdated": "2023-08-03T16:46:36.401Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "B721D56C-DD6B-4C63-8438-5B888332D9B6", "versionEndIncluding": "2022.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.\n\n"}, {"lang": "es", "value": "Un verbo usado en Orion era vulnerable a una inyecci\u00f3n de SQL, un atacante autenticado podr\u00eda aprovechar esto para la escalada de privilegios o una ejecuci\u00f3n de c\u00f3digo remota"}], "id": "CVE-2022-36961", "lastModified": "2023-08-03T17:15:10.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@solarwinds.com", "type": "Secondary"}]}, "published": "2022-09-30T17:15:13.010", "references": [{"source": "psirt@solarwinds.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "psirt@solarwinds.com", "type": "Secondary"}]}