QwikSec

Security Database

CVE

CWE

Training

CVE-2022-38108

Published: Oct 20, 2022

Modified: May 8, 2025

PUBLISHED

CVSS v3.1

7.2

HIGH

Description

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Vendor	Product	Versions
SolarWinds	SolarWinds Platform	affected `unspecified - <= 2022.3 and prior versions`
SolarWinds	Orion Platform	affected `unspecified - <= 2020.2.6 HF5 and prior versions`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38108

https://www.zerodayinitiative.com/advisories/ZDI-CAN-17531

http://packetstormsecurity.com/files/171567/SolarWinds-Information-Service-SWIS-Remote-Command-Execution.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.