Unrated severityNVD Advisory· Published Oct 20, 2022· Updated May 7, 2025

Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6

CVE-2022-36966

Description

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

Affected products

SolarWinds/Solarwinds Platformv5
Range: 2022.3 and previous

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htmmitre
www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000