Recently released patches for SolarWinds Platform fix two critical vulnerabilities that could allow privilege escalation and command execution. The more serious of the two is CVE-2022-36963 (CVSS score: 8.8), a command injection flaw in SolarWinds’ infrastructure monitoring and management software.
According to the company, the weakness can be exploited remotely to run arbitrary commands. Successful exploitation requires the attacker to hold valid login credentials for a SolarWinds Platform admin account. The second high-severity bug, CVE-2022-47505 (CVSS score: 7.8), is described as a local privilege escalation flaw.