SQL Injection in Orion Platform

(CVE-2022-36961)

Summary

A component of Orion Platform was found to be vulnerable to SQL Injection attacks. An authenticated attacker could leverage this for privilege escalation or remote code execution.

Affected Products

Orion Platform 2022.2 and earlier

Fixed Software Release

SolarWinds Platform 2022.3

Advisory Details

Severity

8.0 High

Advisory ID

CVE-2022-36961

First Published

09/28/2022

Fixed Version

SolarWinds Platform 2022.3

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:
U/C:H/I:H/A:H