Security Event Manager
CVE-2022-38113
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
This vulnerability discloses build and services versions in the server response header.
AnalysisAI
This vulnerability discloses build and services versions in the server response header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. This vulnerability discloses build and services versions in the server response header. Affected products include: Solarwinds Security Event Manager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Security Event Manager
View allThe SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. Rated medium
Insecure method vulnerability in which allowed HTTP methods are disclosed. Rated medium severity (CVSS 5.3), this vulner
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today