CVE-2022-47508 HIGH

CVE-2022-47508: Disable NTLM: SAM 2022.4

Vendor Solarwinds
Product Server & Application Monitor (SAM)
Weakness CWE-287 · Improper authentication
Published February 15, 2023
Last update March 18, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.

Key dates

02Disclosure timeline

February 15, 2023 CVE published
March 18, 2025 Record updated