CVE-2023-23836

Published: Feb 15, 2023Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.

Affected (1)

Products: Solarwinds: Orion Platform

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Orion Platform	Version 2022.4.1

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm

Source: psirt@solarwinds.com

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23836

Source: psirt@solarwinds.com

Vendor Advisory

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23836

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.