Vulnerability Details : CVE-2023-33228
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.
Products affected by CVE-2023-33228
- cpe:2.3:a:solarwinds:network_configuration_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33228
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 27 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-33228
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
1.2
|
3.6
|
NIST | |
4.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
0.9
|
3.6
|
SolarWinds |
CWE ids for CVE-2023-33228
-
The product does not encrypt sensitive or critical information before storage or transmission.Assigned by: psirt@solarwinds.com (Primary)
References for CVE-2023-33228
-
https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm
NCMÂ 2023.4 Release NotesRelease Notes
-
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33228
Vendor Advisory
Jump to