SolarWinds Platform Deserialization of Untrusted Data Vulnerability 

(CVE-2023-33225)

Download PDF

Summary

The SolarWinds Platform was found to be susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.

Affected Products

  • SolarWinds Platform 2023.2.1 and prior versions

Fixed Software Release

Acknowledgments

  • Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity

6.8 Medium

Advisory ID

CVE-2023-33225

First Published

07/18/2023

Last Published

07/18/2023

Fixed Version

SolarWinds Platform 2023.3

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H