March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – APT38 Hidden Cobra aka Lazarus – Active IOCs
November 24, 2022
Rewterz Threat Advisory – Multiple Apache Airflow Hive Provider and Apache Airflow Vulnerability
November 24, 2022
Rewterz Threat Alert – APT38 Hidden Cobra aka Lazarus – Active IOCs
November 24, 2022
Rewterz Threat Advisory – Multiple Apache Airflow Hive Provider and Apache Airflow Vulnerability
November 24, 2022
Severity
High
Analysis Summary
CVE-2022-36964 CVSS:8.8
The vulnerability exists due to insecure input validation when processing serialized data within the DeserializeFromStrippedXml() function in SolarWinds Web Console. A remote user can pass specially crafted data to the application and execute arbitrary code on the target system.
CVE-2022-36962 CVSS:7.2
The vulnerability exists due to improper input validation within the GetPdf function. A remote privileged user with complete control over the SolarWinds database can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
CVE-2022-36960 CVSS:
The vulnerability exists due to insufficient validation of user-supplied input within the CheckWhetherNonAdminAttemptsToModifyBlacklistedRecords function in SolarWinds Web Console. A remote user can send specially crafted input to the application and execute arbitrary code on the system.
Impact
- Code Execution
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-36964
- CVE-2022-36962
- CVE-2022-36960
Affected Vendors
SolarWinds
Affected Products
- SolarWinds Platform 2022.3 and earlier
- Orion Platform 2020.2.6 HF5 and earlier
Remediation
Refer to SolarWinds Secure Configuration Guide for patch, upgrade or suggested workaround information.
SolarWinds Secure Configuration Guide