CVE-2023-50395

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited

References

Link	Resource
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm	Release Notes
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-50395	Vendor Advisory
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm	Release Notes
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-50395	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:36

Type	Values Removed	Values Added
References	~~() https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm - Release Notes~~	() https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm - Release Notes
References	~~() https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-50395 - Vendor Advisory~~	() https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-50395 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 8.0

Information

Published : 2024-02-06 16:15

Updated : 2024-11-21 08:36

NVD link : CVE-2023-50395

Mitre link : CVE-2023-50395

CVE.ORG link : CVE-2023-50395

JSON object : View

Products Affected

solarwinds_platform

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-50395", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-02-06T16:15:51.573", "references": [{"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-50395", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-50395", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "\nSQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited"}, {"lang": "es", "value": "La vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de inyecci\u00f3n SQL se encontr\u00f3 mediante una declaraci\u00f3n de actualizaci\u00f3n en la plataforma SolarWinds. Esta vulnerabilidad requiere la autenticaci\u00f3n del usuario para ser explotada."}], "lastModified": "2024-11-21T08:36:57.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0CDF2DF-6E3D-4748-AA12-94A3419289FB", "versionEndExcluding": "2024.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}