7.2

CVE-2023-33225

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SolarwindsSolarwinds Platform Version < 2023.3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.32% 0.87
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@solarwinds.com 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm
Vendor Advisory
Release Notes
https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33225
Vendor Advisory