SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/171567/SolarWinds-Information-Service-SWIS-Remote-Command-Execution.html | |
https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38108 | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-CAN-17531 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: SolarWinds
Published: 2022-10-20T00:00:00
Updated: 2023-03-28T00:00:00
Reserved: 2022-08-09T00:00:00
Link: CVE-2022-38108
JSON object: View
NVD Information
Status : Modified
Published: 2022-10-20T21:15:10.147
Modified: 2023-03-28T17:15:11.677
Link: CVE-2022-38108
JSON object: View
Redhat Information
No data.
CWE