Description
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- SolarWinds / Security Event Manager2023.4 and previous versions – 2023.4 and previous versions
Exploits & PoCs
- nucleiSolarWinds Security Event Manager - Unauthenticated RCEby DhiyaneshDK