CVE-2023-23844

HIGH Year: 2023
CVSS v3 Score
7.2
High
Weakness Type
CWE-184
View all →

Vulnerability Description

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.

Related Vulnerabilities

CVE-2023-34252

HIGH
CVSS:7.2(High)

Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions i...

CWE-1842023

CVE-2023-34253

HIGH
CVSS:7.2(High)

Grav is a flat-file content management system. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates...

CWE-1842023

CVE-2021-1133

HIGH
CVSS:7.3(High)

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorizatio...

CWE-1842021

CVE-2020-14372

HIGH
CVSS:7.5(High)

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craf...

CWE-1842020

CVE-2023-45593

MEDIUM
CVSS:6.8(Medium)

A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacke...

CWE-1842023

CVE-2015-5946

HIGH
CVSS:7.8(High)

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

CWE-1842015