Vulnerabilities > CVE-2023-23836 - Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

solarwinds

CWE-502

NVD

Published: 2023-02-15

Updated: 2023-08-03

Summary

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.

Vulnerable Configurations

Part	Description	Count
Application	Solarwinds Solarwinds Orion Platform 2022.4.1	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23836
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm