PT-2022-23712 · Solarwinds · Solarwinds Platform
Asim Liaquat · Published 2022-08-16 · Updated 2025-05-07 · CVE-2022-36966
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SolarWinds Platform versions 2022.3 and earlier
Description
The issue stems from insufficient control over a URL parameter, which results in an insecure direct object reference (IDOR) vulnerability. This allowed users with Node Management rights to view and edit all nodes.
Recommendations
For SolarWinds Platform versions 2022.3 and earlier, update to a version that includes a fix for the insecure direct object reference vulnerability. As a temporary workaround, consider restricting Node Management rights to minimize the risk of exploitation.
Fix
IDOR
Affected Products
Solarwinds Platform