SolarWinds Platform Incorrect Comparison Vulnerability (CVE-2023-23843)

Security Advisory Summary

The SolarWinds Platform was found to be susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.

Affected Products

SolarWinds Platform 2023.2.1 and prior versions

Fixed Software Release

SolarWinds Platform 2023.3

Acknowledgments

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Detail

Severity

Medium

Advisory ID

CVE-2023-23843

First Published

07/18/2023

Last Published

07/18/2023

Fixed Version

SolarWinds Platform 2023.3

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Download PDF

Send an Email