SolarWinds Platform Incorrect Input Neutralization Vulnerability 

(CVE-2023-33229)

Download PDF

Summary

The SolarWinds Platform was found to be susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.

Affected Products

  • SolarWinds Platform 2023.2.1 and prior versions

Fixed Software Release

Acknowledgments

  • Juampa Rodriguez (@UnD3sc0n0c1d0)

Advisory Details

Severity

3.1 Low

Advisory ID

CVE-2023-33229

First Published

07/18/2023

Last Published

07/18/2023

Fixed Version

SolarWinds Platform 2023.3

CVSS Score

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N