8.8
CVE-2024-0692
- EPSS 91.56%
- Veröffentlicht 01.03.2024 09:15:09
- Zuletzt bearbeitet 21.01.2025 19:07:42
- Quelle psirt@solarwinds.com
- CVE-Watchlists
- Unerledigt
LoginSolarWinds Security Event Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Solarwinds ≫ Security Event Manager Version < 2023.4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 91.56% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@solarwinds.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692