SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
(CVE-2023-40062)
Summary
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute
commands with SYSTEM privileges.
Affected Products
- SolarWinds Platform 2023.3.1 and previous versions
Fixed Software Release
Acknowledgments
- Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Advisory Details
Severity
8.0 High
Advisory ID
First Published
11/01/2023