CVE-2022-36966 MEDIUM

CVE-2022-36966: Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6

Vendor Solarwinds
Product SolarWinds Platform
Published October 20, 2022
Last update May 7, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

Key dates

02Disclosure timeline

October 20, 2022 CVE published
May 7, 2025 Record updated