CVE-2023-33228

Published: Nov 1, 2023Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.

Affected (1)

Products: Solarwinds: Network Configuration Manager

Solarwinds

1 product

Network Configuration Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Network Configuration Manager	Before 2023.4

Related CWEs

CWE-311

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (4)

https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm

Source: psirt@solarwinds.com

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33228

Source: psirt@solarwinds.com

Vendor Advisory

https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33228

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.