Solarwinds Platform
CVE-2022-47512
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected
AnalysisAI
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-312. Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected Affected products include: Solarwinds Solarwinds Platform.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Solarwinds Platform
View allThe SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. Rated
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. Rated high severity (CVSS 8.8), this vulne
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. Rated high severity (CVSS
Insecure job execution mechanism vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. Rate
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Rated high severity (CVSS 7.5),
A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. Rated high severity (CVSS 7.4),
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. Rated high severity (CVSS 7.2), t
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), t
Same weakness CWE-312 – Cleartext Storage of Sensitive Information
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today