CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23843 – SolarWinds Platform Incorrect Comparison Vulnerability
https://notcve.org/view.php?id=CVE-2023-23843
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsProperties method. The issue results from an incorrect string comparison. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23843 • CWE-697: Incorrect Comparison •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33224 – SolarWinds Platform Incorrect Behavior Order Vulnerability
https://notcve.org/view.php?id=CVE-2023-33224
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsProperties method. The issue results from input validation being performed too late in a sequence of operations. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224 • CWE-696: Incorrect Behavior Order •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33225 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-33225
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. La plataforma SolarWinds era susceptible a la vulnerabilidad de comparación incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33225 • CWE-697: Incorrect Comparison •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23844 – SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability
https://notcve.org/view.php?id=CVE-2023-23844
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BlacklistedFilesChecker class. The issue results from an incomplete list of disallowed inputs. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23844 • CWE-184: Incomplete List of Disallowed Inputs CWE-697: Incorrect Comparison •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23839 – SolarWinds Platform Exposure of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2023-23839
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23839 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •