Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
References
Link | Resource |
---|---|
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm | Release Notes Vendor Advisory |
https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: SolarWinds
Published: 2022-10-19T00:00:00
Updated: 2023-08-03T16:58:36.397Z
Reserved: 2022-07-27T00:00:00
Link: CVE-2022-36966
JSON object: View
NVD Information
Status : Modified
Published: 2022-10-20T21:15:10.050
Modified: 2023-08-03T17:15:11.330
Link: CVE-2022-36966
JSON object: View
Redhat Information
No data.
CWE