Skip to main content

Solarwinds Platform CVE-2023-33229

LOW
Code Injection (CWE-94)
2023-07-26 psirt@solarwinds.com
3.5
CVSS 3.1 · Vendor: solarwinds

Severity by source

Vendor (solarwinds) PRIMARY
3.5 LOW
AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Primary rating from Vendor (solarwinds) · only source for this CVE.

CVSS VectorVendor: solarwinds

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 26, 2023 - 15:15 cve.org
LOW 3.5

DescriptionCVE.org

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.

AnalysisAI

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. Affected products include: Solarwinds Solarwinds Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2024-28999 HIGH POC
7.5 Jun 04

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. Rated

CVE-2023-40056 HIGH
8.8 Nov 28

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. Rated high severity (CVSS 8.8), this vulne

CVE-2023-40062 HIGH
8.8 Nov 01

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. Rated high severity (CVSS

CVE-2023-40061 HIGH
8.8 Nov 01

Insecure job execution mechanism vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication

CVE-2024-45710 HIGH
7.8 Oct 16

SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. Rate

CVE-2024-28996 HIGH
7.5 Jun 04

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Rated high severity (CVSS 7.5),

CVE-2024-29001 HIGH
7.4 Apr 18

A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. Rated high severity (CVSS 7.4),

CVE-2023-33225 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2023-33224 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. Rated high severity (CVSS 7.2), t

CVE-2023-23844 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2023-23843 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2024-52612 MEDIUM
6.8 Feb 11

SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), t

Share

CVE-2023-33229 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy