CVE-2023-33229

Published: Jul 26, 2023Modified: Nov 21, 2024

3.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.1 / Impact: 1.4

Source: NVD (Secondary)

Description

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.

Affected (1)

Products: Solarwinds: Solarwinds Platform

Solarwinds

1 product

Solarwinds Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Solarwinds Platform	Before 2023.3.0

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm

Source: psirt@solarwinds.com

Release NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33229

Source: psirt@solarwinds.com

Vendor Advisory

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33229

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.