CVE-2022-47512: 
SolarWinds Platform vulnerability analysis and mitigation

CVE-2022-47512 is a sensitive data disclosure vulnerability discovered in SolarWinds Hybrid Cloud Observability (HCO)/SolarWinds Platform 2022.4. The vulnerability was disclosed on December 16, 2022, and involves sensitive information being stored in plain text in a file that is accessible by a user with a local account (SolarWinds Advisory, Release Notes).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-312 (Cleartext Storage of Sensitive Information). The issue specifically affects users who have been given access to the application server, requiring local access to exploit (NVD).

The vulnerability could lead to unauthorized disclosure of sensitive information stored in plaintext files. The impact is primarily on confidentiality (rated as High), while there are no direct impacts on integrity or availability of the system (SolarWinds Advisory).

SolarWinds has addressed this vulnerability in SolarWinds Platform version 2022.4.1. Users are recommended to upgrade to this version to mitigate the risk. No other versions are affected by this vulnerability (Release Notes).

SolarWinds acknowledged the contribution of Thwack MVPs in identifying and reporting this vulnerability through their security research program (Release Notes).