Insecure Job Execution Mechanism Vulnerability
CVE-2023-40061

8.8HIGH

Key Information:

Vendor: Solarwinds
Status: Solarwinds Platform
Vendor: CVE Published:; 1 November 2023

Summary

The vulnerability involves an insecure job execution mechanism within SolarWinds products, which may allow attackers to exploit this weakness and potentially execute malicious actions. This flaw could enable further attacks, compromising the security of affected systems and affecting overall network integrity.

Affected Version(s)

SolarWinds Platform 2023.3.1 and previous versions

References

https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
Aug 8, 2023

Credit

Jakub Brzozowski "redfr0g" (STM Cyber), Kamil Falkiewicz (STM Cyber) , and Szymon Jacek (STM Cyber)