CVE-2022-36964
Published 2022-11-29
Priority: P2 · 68 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 16.81% (96.7th percentile)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 0 < 3.13.0-204.255 | 3.13.0-204.255 |
| solarwinds | orion_platform | < 2020.2.6 | 2020.2.6 |
| solarwinds | orion_platform | — | — |
| solarwinds | orion_platform | — | — |
| solarwinds | orion_platform | — | — |
| solarwinds | orion_platform | 2020.2.6 HF5 and prior versions – 2020.2.6 HF5 | — |
| solarwinds | solarwinds_platform | 2022.3 and prior versions – 2022.3 | — |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv · 5.5 · MEDIUM
OSV
linux vulnerabilities
osv·2025-03-05·CVSS 5.5
CVE-2023-52880 linux vulnerabilities
linux vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- Direct Digital Synthesis drivers;
- TTY drivers;
- 9P distributed file system;
- ALSA framework;
(CVE-2023-52880, CVE-2024-43900, CVE-2024-36964, CVE-2024-50233,
CVE-2022-48994)
GHSA
GHSA-x499-m338-rw37: SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
ghsa_unreviewed·2022-11-29
CVE-2022-36964 [HIGH] CWE-502 GHSA-x499-m338-rw37: SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
No detection rules found.
No public exploits indexed.
Trendmicro
Finding Deserialization Bugs in the SolarWinds Platform
blogs_trendmicro·2023-09-21·CVSS 7.2
[HIGH] Finding Deserialization Bugs in the SolarWinds Platform
## Finding Deserialization Bugs in the SolarWinds Platform
How to find deserialization bugs in the SolarWinds platform.
By: Zero Day Initiative, Sep 21, 2023
It’s been a while since I have written a blog post, please accept my sincerest apologies. This is because a lot of fun stuff that I’ve recently done is going to be presented during conferences.
Please treat this post as a small introduction to my upcoming Hexacon 2023 talk titled “Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization”. The entire talk and research was inspired by two small research projects, one of which focused on issues in SolarWinds deserialization.
In this blog post, I would like to present four old vulnerabilities that were fixed
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36964
Published: 2022-11-29