PT-2023-27244 · SolarWinds · SolarWinds Platform
Published 2023-11-01 · Updated 2023-12-28 · CVE-2023-40061
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SolarWinds Platform version 2023.4
Description
The issue is related to an insecure job execution mechanism, which can lead to other attacks. This vulnerability may result in Denial of Service (DoS) or Cross-Site Scripting (XSS) attacks.
Recommendations
For SolarWinds Platform version 2023.4, update to a version that includes the fix for the insecure job execution mechanism vulnerability.
As a temporary workaround, consider restricting access to the job execution mechanism to minimize the risk of exploitation.
Fix
RCE
Affected Products
SolarWinds Platform