SQL Injection in Orion Platform (CVE-2022-36961)

Summary

A component of Orion Platform was found to be vulnerable to SQL Injection attacks. An authenticated attacker could leverage this for privilege escalation or remote code execution.

Affected Products

  • Orion Platform 2022.2 and earlier

Fixed Software Release

Advisory Details
Severity
High
Advisory ID

CVE-2022-36961

First Published
09/28/2022
Fixed Version


SolarWinds Platform 2022.3

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:
U/C:H/I:H/A:H

Download PDF
Send an Email