SolarWinds Platform Directory Traversal 

(CVE-2022-47506)

Summary

SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.

Affected Products

  • SolarWinds Platform 2022.4.1

Fixed Software Release

  • SolarWinds Platform 2023.1

Acknowledgments

  • Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Workarounds

SolarWinds recommends customers upgrade to SolarWinds Platform version 2023.1 as soon as it becomes available. The expected release is by the end of February 2023. SolarWinds also recommends customers to follow the guidance provided in the SolarWinds Secure Configuration Guide. Ensure only authorized users can access the SolarWinds Platform. Special attention should be given to the following points from the documentation:

Advisory Details

Severity

8.8 High

Advisory ID

First Published

02/15/2023

Last Updated

02/15/2023

Fixed Version

SolarWinds Platform 2023.1

CVSS Score

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H