SolarWinds Platform SQL Injection Remote Code Execution Vulnerability
CVE-2023-35188

8 HIGH

Key Information:

Vendor: SolarWinds
CVE Published: 6 February 2024

What is CVE-2023-35188?

A SQL injection vulnerability exists in the SolarWinds Platform, allowing attackers to execute code remotely through crafted SQL queries. Exploitation requires user authentication. The vulnerability poses a significant threat to systems where SolarWinds is deployed. Users are advised to review their authentication mechanisms and apply the security updates from the provided advisories to mitigate potential risks.

Affected Version(s)

SolarWinds Platform 2023.4.2 and previous versions

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative.