CVE-2023-23839: 
SolarWinds Platform vulnerability analysis and mitigation

The SolarWinds Platform was susceptible to an Exposure of Sensitive Information Vulnerability (CVE-2023-23839), discovered and disclosed in April 2023. This vulnerability allows users to access the Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. The vulnerability affects SolarWinds Platform versions prior to 2023.2 (SolarWinds Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The issue specifically relates to unauthorized access to the Orion.WebCommunityStrings SWIS schema object, which could lead to exposure of sensitive information (NVD Database).

The vulnerability allows unauthorized access to sensitive information through the Orion.WebCommunityStrings SWIS schema object. The impact is primarily focused on confidentiality, with no direct impact on system integrity or availability (SolarWinds Advisory).

SolarWinds recommends customers upgrade to SolarWinds Platform version 2023.2, which was released in April 2023. Additionally, customers should follow the guidance provided in the SolarWinds Secure Configuration Guide, ensuring only authorized users can access the SolarWinds Platform. Special attention should be given to configuring account settings and leveraging both account and view limitations, along with module-specific roles only for the tasks they require (SolarWinds Advisory).