Vulnerability Details : CVE-2022-47508
Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.
Vulnerability category: Bypass, Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2022-47508
Probability of exploitation activity in the next 30 days: 0.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~49%
CVSS scores for CVE-2022-47508
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | SolarWinds |
CWE ids for CVE-2022-47508
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: psirt@solarwinds.com (Secondary)
References for CVE-2022-47508
- https://documentation.solarwinds.com/en/success_center/sam/content/release_notes/sam_2023-1_release_notes.htm
  SAM 2023.1 Release Notes (Release Notes)
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47508
  SolarWinds Trust Center Security Advisories | CVE-2022-47508 (Vendor Advisory)
Products affected by CVE-2022-47508
- cpe:2.3:a:solarwinds:server_and_application_monitor:2022.4:*:*:*:*:*:*:*