Skip to main content

Solarwinds Platform CVE-2023-3622

MEDIUM
Improper Authentication (CWE-287)
2023-07-26 psirt@solarwinds.com
4.3
CVSS 3.1 · Vendor: solarwinds
Share

Severity by source

Vendor (solarwinds) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from Vendor (solarwinds) · only source for this CVE.

CVSS VectorVendor: solarwinds

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 26, 2023 - 15:15 cve.org
MEDIUM 4.3

DescriptionCVE.org

Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource

AnalysisAI

Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource Affected products include: Solarwinds Solarwinds Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2024-28999 HIGH POC
7.5 Jun 04

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. Rated

CVE-2023-40056 HIGH
8.8 Nov 28

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. Rated high severity (CVSS 8.8), this vulne

CVE-2023-40062 HIGH
8.8 Nov 01

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. Rated high severity (CVSS

CVE-2023-40061 HIGH
8.8 Nov 01

Insecure job execution mechanism vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication

CVE-2024-45710 HIGH
7.8 Oct 16

SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. Rate

CVE-2024-28996 HIGH
7.5 Jun 04

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Rated high severity (CVSS 7.5),

CVE-2024-29001 HIGH
7.4 Apr 18

A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. Rated high severity (CVSS 7.4),

CVE-2023-33225 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2023-33224 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. Rated high severity (CVSS 7.2), t

CVE-2023-23844 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2023-23843 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2024-52612 MEDIUM
6.8 Feb 11

SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), t

Share

CVE-2023-3622 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy