SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability 

(CVE-2023-40062)

Download PDF

Summary

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute
commands with SYSTEM privileges.

Affected Products

  • SolarWinds Platform 2023.3.1 and previous versions

Fixed Software Release

Acknowledgments

  • Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity

8.0 High

Advisory ID

CVE-2023-40062

First Published

11/01/2023

Fixed Version

SolarWinds Platform 2023.4

CVSS Score

CVSS:3.1:AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1