CVE-2022-36963
published 2023-04-21CVE-2022-36963: The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform…
PriorityP356high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
8.39%
94.3th percentile
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | orion_platform | < 2023.2 | 2023.2 |
| solarwinds_platform_command_injection_vulnerability | solarwinds_platform | 2023.1 and prior versions – 2023.2 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
SolarWinds Platform 2018.4 HF3 up to 2022.4 RC1 code injection (EUVD-2022-39620)
vuldb·2026-06-18·CVSS 7.2
CVE-2022-36963 [HIGH] SolarWinds Platform 2018.4 HF3 up to 2022.4 RC1 code injection (EUVD-2022-39620)
A vulnerability, which was classified as critical, was found in SolarWinds Platform. The affected element is an unknown function. Executing a manipulation can lead to code injection.
This vulnerability appears as CVE-2022-36963. The attack may be performed from remote. There is no available exploit.
You should upgrade the affected component.
GHSA
GHSA-hqf7-473f-pm6r: The SolarWinds Platform was susceptible to the Command Injection Vulnerability
ghsa_unreviewed·2023-04-21
CVE-2022-36963 [HIGH] CWE-94 GHSA-hqf7-473f-pm6r: The SolarWinds Platform was susceptible to the Command Injection Vulnerability
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htmhttps://www.solarwinds.com/trust-center/security-advisories/cve-2022-36963https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htmhttps://www.solarwinds.com/trust-center/security-advisories/cve-2022-36963
2023-04-21
Published