Access Control Bypass Vulnerability in the SolarWinds Platform
CVE-2023-3622

4.3MEDIUM

Key Information:

Vendor

Solarwinds
Status
SolarWinds Platform
Vendor
CVE Published:
26 July 2023

What is CVE-2023-3622?

Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource

Affected Version(s)

SolarWinds Platform Windows 2023.2 and previous versions

References

https://documentation.solarwinds.com/en/success_center/or...
https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SolarWinds would like to thank Alex Shepard reporting this issue in a responsible manner.
.