SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability (CVE-2023-23844)

Summary

The SolarWinds Platform was found to be susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.

Affected Products

  • SolarWinds Platform 2023.2.1 and prior version

Fixed Software Release

Acknowledgments

  • Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Advisory Details
Severity
Medium
Advisory ID

CVE-2023-23844

First Published
07/18/2023
Last Published
07/18/2023
Fixed Version

SolarWinds Platform 2023.3

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Download PDF
Send an Email