Version 2022.3 and prior versions

CVE-2022-36964

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

HIGH CVSS 8.8 Published Nov 29, 2022

CVE-2022-36962

SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.

HIGH CVSS 7.2 Published Nov 29, 2022

CVE-2022-36960

SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.

HIGH CVSS 8.8 Published Nov 29, 2022

CVE-2022-38108

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

HIGH CVSS 7.2 Published Oct 20, 2022

CVE-2022-36958

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.

HIGH CVSS 8.8 Published Oct 20, 2022

CVE-2022-36957

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

HIGH CVSS 7.2 Published Oct 20, 2022