Lucene search
HistoryFeb 06, 2024 - 4:15 p.m.
CVE-2023-50395
cve-2023-50395
sql injection
remote code execution
solarwinds
nvd
update statement
authentication
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.0%
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited
Affected configurations
Node
solarwindssolarwinds_platformRange<2024.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| solarwinds:solarwinds_platform | solarwinds solarwinds platform | lt | 2024.1 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "SolarWinds Platform ",
"vendor": "SolarWinds ",
"versions": [
{
"status": "affected",
"version": "2023.4.2 and previous version "
}
]
}
]Related
zdi
zdi
nvd
nvd
CVE-2023-50395
2024-02-06 16:15:51
cvelist
cvelist
CVE-2023-50395 SQL Injection Remote Code Execution Vulnerability
2024-02-06 15:59:48
prion
prion
Remote code execution
2024-02-06 16:15:00
nessus
nessus
SolarWinds Platform 2023.4.0 < 2024.1 Multiple Vulnerabilities SQLI
2024-02-08 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.0%
Related for CVE-2023-50395