CVE-2023-33229: 
SolarWinds Platform vulnerability analysis and mitigation

The SolarWinds Platform was identified with an Incorrect Input Neutralization Vulnerability (CVE-2023-33229). This vulnerability was discovered by security researcher Juampa Rodriguez (@UnD3sc0n0c1d0) and affects SolarWinds Platform versions 2023.2.1 and prior. The vulnerability was disclosed on July 18, 2023, and has been addressed in SolarWinds Platform version 2023.3 (Vendor Advisory).

The vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. The vulnerability has been assigned a CVSS v3.1 base score of 3.5 LOW with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N, indicating a low severity issue (NVD). The vulnerability is classified under CWE-94 (Improper Control of Generation of Code - 'Code Injection').

The vulnerability's impact is relatively limited, affecting only the integrity of the system through passive HTML injection. According to the CVSS metrics, there is no impact on confidentiality or availability of the system, with only a low impact on integrity being possible (NVD).

SolarWinds has released version 2023.3 of the SolarWinds Platform which contains fixes for this vulnerability. Users are advised to upgrade to this version to mitigate the risk (Release Notes).