CVE-2023-40062

Published: Nov 1, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.

Affected (1)

Products: Solarwinds: Solarwinds Platform

Solarwinds

1 product

Solarwinds Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Solarwinds Platform	Before 2023.4

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://documentation.solarwinds.com/en/success_center/hco/content/release_notes/hco_2023-4_release_notes.htm

Source: psirt@solarwinds.com

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40062

Source: psirt@solarwinds.com

PatchVendor Advisory

https://documentation.solarwinds.com/en/success_center/hco/content/release_notes/hco_2023-4_release_notes.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40062

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.