CVE-2023-35188: 
SolarWinds Platform vulnerability analysis and mitigation

A SQL Injection Remote Code Execution Vulnerability (CVE-2023-35188) was discovered in the SolarWinds Platform. The vulnerability was found using a create statement and requires user authentication to be exploited. The issue affects SolarWinds Platform versions 2023.4.2 and earlier, with a fix released in version 2024.1 (SolarWinds Advisory).

The vulnerability is classified as SQL Injection (CWE-89) and received a CVSS v3.1 base score of 8.0 (High). The CVSS vector string is AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that the vulnerability requires adjacent network access, low attack complexity, low privileges, no user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

If successfully exploited, the vulnerability could allow an authenticated attacker to execute arbitrary code through SQL injection, potentially compromising the confidentiality, integrity, and availability of the affected system (SolarWinds Advisory).

SolarWinds has addressed this vulnerability in Platform version 2024.1. Users are advised to upgrade to this version to mitigate the risk (SolarWinds Release Notes).