vulnerability
SolarWinds Orion Platform: SolarWinds Platform Exposed Dangerous Method Vulnerability (CVE-2023-23845)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:A/AC:L/Au:M/C:C/I:C/A:C) | Apr 7, 2026 | Apr 7, 2026 | Apr 7, 2026 |
Severity
7
CVSS
(AV:A/AC:L/Au:M/C:C/I:C/A:C)
Published
Apr 7, 2026
Added
Apr 7, 2026
Modified
Apr 7, 2026
Description
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
Solution
solarwinds-orion-platform-upgrade-2023_3_1
References
- CVE-2023-23845
- https://attackerkb.com/topics/CVE-2023-23845
- CWE-697
- EUVD-EUVD-2023-27931
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-27931
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23845
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.