← volver
CVE-2022-36966

Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6

CVSS 5.4 MEDIUMEPSS 0.4%CWE-639
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Productos afectados
SolarWinds · SolarWinds Platform

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htmhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966