CVE-2023-33229

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Jul 26, 2023

Updated: Oct 30, 2023

CWE ID 94

Summary

CVE-2023-33229 refers to a vulnerability in the SolarWinds Platform. This issue enabled a remote attacker with valid platform credentials to inject passive HTML by appending URL parameters. The vulnerability, classified as Incorrect Input Neutralization, did not allow for active code execution but still posed a potential security risk. The SolarWinds team has since released a patch to address this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SolarWinds Platform

Affected Vendors

SolarWinds Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sH5IbF
https://www.cve.org/CVERecord?id=CVE-2023-33229
https://nvd.nist.gov/vuln/detail/CVE-2023-33229

Back to Vulnerability Database