April 18, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – APT38 Hidden Cobra aka Lazarus – Active IOCs
November 24, 2022Rewterz Threat Advisory – Multiple Apache Airflow Hive Provider and Apache Airflow Vulnerability
November 24, 2022Rewterz Threat Alert – APT38 Hidden Cobra aka Lazarus – Active IOCs
November 24, 2022Rewterz Threat Advisory – Multiple Apache Airflow Hive Provider and Apache Airflow Vulnerability
November 24, 2022
Severity
High
Analysis Summary
CVE-2022-36964 CVSS:8.8
The vulnerability exists due to insecure input validation when processing serialized data within the DeserializeFromStrippedXml() function in SolarWinds Web Console. A remote user can pass specially crafted data to the application and execute arbitrary code on the target system.
CVE-2022-36962 CVSS:7.2
The vulnerability exists due to improper input validation within the GetPdf function. A remote privileged user with complete control over the SolarWinds database can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
CVE-2022-36960 CVSS:
The vulnerability exists due to insufficient validation of user-supplied input within the CheckWhetherNonAdminAttemptsToModifyBlacklistedRecords function in SolarWinds Web Console. A remote user can send specially crafted input to the application and execute arbitrary code on the system.
Impact
- Code Execution
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-36964
- CVE-2022-36962
- CVE-2022-36960
Affected Vendors
SolarWinds
Affected Products
- SolarWinds Platform 2022.3 and earlier
- Orion Platform 2020.2.6 HF5 and earlier
Remediation
Refer to SolarWinds Secure Configuration Guide for patch, upgrade or suggested workaround information.
SolarWinds Secure Configuration Guide
