cbcvebase.
CVE-2022-36966
published 2022-10-20

CVE-2022-36966: Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference…

PriorityP427medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
EPSS
0.40%
32.3th percentile
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

Affected

5 ranges
VendorProductVersion rangeFixed in
solarwindsorion_platform< 2020.2.62020.2.6
solarwindsorion_platform
solarwindsorion_platform
solarwindsorion_platform
solarwindssolarwinds_platform>= 2022.3 and previous < 2022.32022.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.