CVE-2022-47512 - Vulnerability Details - OpenCVE

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Windows
Solarwinds	Solarwinds Platform

Configuration 1 [-]

AND

cpe:2.3:a:solarwinds:solarwinds_platform:2022.4.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512

History

Tue, 15 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Sep 2024 19:00:00 +0000

Type	Values Removed	Values Added
Description	Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected	Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected

MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published: 2022-12-21T01:21:43.830Z

Updated: 2025-04-15T17:57:28.578Z

Reserved: 2022-12-15T00:00:00.000Z

Link: CVE-2022-47512

Vulnrichment

Updated: 2024-08-03T14:55:08.298Z

NVD

Status : Modified

Published: 2022-12-19T16:15:11.260

Modified: 2024-11-21T07:32:06.990

Link: CVE-2022-47512

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-47512", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "dateUpdated": "2025-04-15T17:57:28.578Z", "dateReserved": "2022-12-15T00:00:00.000Z", "datePublished": "2022-12-21T01:21:43.830Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Hybrid Cloud Observability (HCO)/ SolarWinds Platform", "vendor": "SolarWinds", "versions": [{"status": "affected", "version": "SolarWinds 2022.4"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "SolarWinds would like to thank our Thwack MVP's for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability."}], "datePublic": "2022-12-14T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected</p>"}], "value": "Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2023-08-03T20:07:15.999Z"}, "references": [{"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SolarWinds has released a Service Release to address this vulnerability in Hybrid Cloud Observability (HCO)/ SolarWinds Platform (2022.4.1) </p>"}], "value": "SolarWinds has released a Service Release to address this vulnerability in Hybrid Cloud Observability (HCO)/ SolarWinds Platform (2022.4.1)"}], "source": {"discovery": "USER"}, "title": "Sensitive Data Disclosure Vulnerability", "x_generator": {"engine": "vulnogram 0.1.0-rc1"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:55:08.298Z"}, "title": "CVE Program Container", "references": [{"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm", "tags": ["x_transferred"]}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T17:55:46.599402Z", "id": "CVE-2022-47512", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T17:57:28.578Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm", "tags": ["x_transferred"]}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:55:08.298Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-47512", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-15T17:55:46.599402Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T17:57:19.571Z"}}], "cna": {"title": "Sensitive Data Disclosure Vulnerability", "source": {"discovery": "USER"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "SolarWinds would like to thank our Thwack MVP's for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarWinds", "product": "Hybrid Cloud Observability (HCO)/ SolarWinds Platform", "versions": [{"status": "affected", "version": "SolarWinds 2022.4"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SolarWinds has released a Service Release to address this vulnerability in Hybrid Cloud Observability (HCO)/ SolarWinds Platform (2022.4.1)", "supportingMedia": [{"type": "text/html", "value": "<p>SolarWinds has released a Service Release to address this vulnerability in Hybrid Cloud Observability (HCO)/ SolarWinds Platform (2022.4.1) </p>", "base64": false}]}], "datePublic": "2022-12-14T16:00:00.000Z", "references": [{"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512"}], "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "descriptions": [{"lang": "en", "value": "Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected", "supportingMedia": [{"type": "text/html", "value": "<p>Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2023-08-03T20:07:15.999Z"}}}, "cveMetadata": {"cveId": "CVE-2022-47512", "state": "PUBLISHED", "dateUpdated": "2025-04-15T17:57:28.578Z", "dateReserved": "2022-12-15T00:00:00.000Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2022-12-21T01:21:43.830Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:2022.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "722C6341-A679-4B9E-AD4A-E61377648CC9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected"}, {"lang": "es", "value": "La informaci\u00f3n confidencial se almacen\u00f3 en texto plano en un archivo al que puede acceder un usuario con una cuenta local en Hybrid Cloud Observability (HCO)/SolarWinds Platform 2022.4. Ninguna otra versi\u00f3n se ve afectada"}], "id": "CVE-2022-47512", "lastModified": "2024-11-21T07:32:06.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@solarwinds.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-19T16:15:11.260", "references": [{"source": "psirt@solarwinds.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "psirt@solarwinds.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}