CVE-2023-23845: 
SolarWinds Platform vulnerability analysis and mitigation

CVE-2023-23845 is a vulnerability discovered in the SolarWinds Platform that was disclosed on September 12, 2023. This vulnerability, known as the Incorrect Comparison Vulnerability, affects the SolarWinds Platform versions 2023.3 and prior. The issue allows users with administrative access to the SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges (SolarWinds Advisory, NVD).

The vulnerability specifically exists within the UpdateActionsProperties method and results from an exposed dangerous method. It has been assigned a CVSS v3.1 base score of 7.2 (HIGH) according to the NVD assessment, while SolarWinds has rated it with a CVSS score of 6.8 (MEDIUM). The vulnerability is classified under CWE-697, which relates to Incorrect Comparison issues (ZDI Advisory, NVD).

If exploited, this vulnerability allows attackers to execute arbitrary code in the context of NETWORK SERVICE. The successful exploitation could lead to significant system compromise, potentially affecting the confidentiality, integrity, and availability of the system (ZDI Advisory).

SolarWinds has released version 2023.3.1 of the Platform to address this vulnerability. Users are advised to upgrade to this version to mitigate the risk. The fix was released as part of a service release that included both bug and security fixes (SolarWinds Release Notes).