{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-36966","assignerOrgId":"49f11609-934d-4621-84e6-e02e032104d6","assignerShortName":"SolarWinds","datePublished":"2022-10-20T20:05:35.645Z","dateUpdated":"2025-05-07T20:49:50.846Z","dateReserved":"2022-07-27T00:00:00.000Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"SolarWinds Platform","vendor":"SolarWinds","versions":[{"lessThan":"2022.3","status":"affected","version":"2022.3 and previous","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Asim Liaquat"}],"datePublic":"2022-10-18T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.</p>"}],"value":"Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6","lang":"en"}]}],"providerMetadata":{"orgId":"49f11609-934d-4621-84e6-e02e032104d6","shortName":"SolarWinds","dateUpdated":"2023-08-03T16:58:36.397Z"},"references":[{"url":"https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm"},{"url":"https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966"}],"source":{"discovery":"UNKNOWN"},"title":"Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6","x_generator":{"engine":"Vulnogram 0.0.9"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T10:21:32.223Z"},"title":"CVE Program Container","references":[{"url":"https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm","tags":["x_transferred"]},{"url":"https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-639","lang":"en","description":"CWE-639 Authorization Bypass Through User-Controlled Key"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-07T20:49:47.424331Z","id":"CVE-2022-36966","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-07T20:49:50.846Z"}}]}}