This week, SolarWinds released several warnings identifying high-severity vulnerabilities that are anticipated to be fixed by the end of February with an upgrade to the SolarWinds Platform. Five of the total seven security flaws are categorised as problems with deserializing unreliable data that might be used to execute commands. A CVSS score of 8.8 applies to four of them.
According to SolarWinds, the high-severity weaknesses, identified as CVE-2023-23836, CVE-2022-47503, CVE-2022-47504, and CVE-2022-47507, might allow “a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.”