CVE-2022-38115
published 2022-11-23CVE-2022-38115: Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT
PriorityP425medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.65%
46.5th percentile
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | security_event_manager | < 2022.2 | 2022.2 |
| solarwinds | solarwinds_sem | >= 2022.2 and previous versions < 2022.4 | 2022.4 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
SolarWinds SEM up to 2022.2 HTTP Method trusting http permission methods on the server side (EUVD-2022-40717)
vuldb·2026-06-22·CVSS 5.3
CVE-2022-38115 [MEDIUM] SolarWinds SEM up to 2022.2 HTTP Method trusting http permission methods on the server side (EUVD-2022-40717)
A vulnerability categorized as problematic has been discovered in SolarWinds SEM up to 2022.2. This impacts an unknown function of the component HTTP Method Handler. The manipulation results in trusting http permission methods on the server side.
This vulnerability was named CVE-2022-38115. The attack needs to be approached within the local network. There is no available exploit.
It is advisable to upgrade the affected component.
GHSA
GHSA-4528-vmxj-v97w: Insecure method vulnerability in which allowed HTTP methods are disclosed
ghsa_unreviewed·2022-11-23
CVE-2022-38115 [MEDIUM] CWE-436 GHSA-4528-vmxj-v97w: Insecure method vulnerability in which allowed HTTP methods are disclosed
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htmhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38115https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htmhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38115
2022-11-23
Published