Skip to main content

Solarwinds Platform CVE-2023-40056

HIGH
SQL Injection (CWE-89)
2023-11-28 psirt@solarwinds.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 28, 2023 - 18:15 nvd
HIGH 8.8

DescriptionNVD

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account.

AnalysisAI

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. Affected products include: Solarwinds Solarwinds Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2024-28999 HIGH POC
7.5 Jun 04

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. Rated

CVE-2023-40062 HIGH
8.8 Nov 01

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. Rated high severity (CVSS

CVE-2023-40061 HIGH
8.8 Nov 01

Insecure job execution mechanism vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication

CVE-2024-45710 HIGH
7.8 Oct 16

SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. Rate

CVE-2024-28996 HIGH
7.5 Jun 04

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Rated high severity (CVSS 7.5),

CVE-2024-29001 HIGH
7.4 Apr 18

A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. Rated high severity (CVSS 7.4),

CVE-2023-33225 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2023-33224 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. Rated high severity (CVSS 7.2), t

CVE-2023-23844 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2023-23843 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2024-52612 MEDIUM
6.8 Feb 11

SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), t

CVE-2023-23839 MEDIUM
6.5 Apr 25

The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. Rated medium severity (C

Share

CVE-2023-40056 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy