SolarWinds Platform Incorrect Input Neutralization Vulnerability (CVE-2023-33229)

Summary

The SolarWinds Platform was found to be susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.

Affected Products

SolarWinds Platform 2023.2.1 and prior versions

Fixed Software Release

SolarWinds Platform 2023.3

Acknowledgments

Juampa Rodriguez (@UnD3sc0n0c1d0)

Advisory Details

Severity

Low

Advisory ID

CVE-2023-33229

First Published

07/18/2023

Last Published

07/18/2023

Fixed Version

SolarWinds Platform 2023.3

CVSS Score

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Download PDF

Send an Email