← voltar
CVE-2022-36966

Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6

CVSS 5.4 MEDIUMEPSS 0.4%CWE-639
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Produtos afetados
SolarWinds · SolarWinds Platform

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htmhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966