CVE-2023-3622: 
SolarWinds Platform vulnerability analysis and mitigation

An Access Control Bypass Vulnerability (CVE-2023-3622) was discovered in the SolarWinds Platform that affects versions 2023.2.1 and prior. The vulnerability was disclosed on July 18, 2023, and allows an underprivileged user to read arbitrary resources in the system. This security issue impacts the SolarWinds Platform software suite, which is widely used for IT management and monitoring (SolarWinds Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The technical assessment indicates that the vulnerability requires low attack complexity and can be exploited over the network, though it requires low privileges. The vulnerability is classified under CWE-287 (Improper Authentication) (NVD Database).

The vulnerability primarily affects the confidentiality of the system, allowing unauthorized access to resources. There are no reported impacts on system integrity or availability. The vulnerability enables underprivileged users to read arbitrary resources, potentially exposing sensitive information (SolarWinds Advisory).

SolarWinds has released version 2023.3 of the SolarWinds Platform which contains fixes for this vulnerability. Users are advised to upgrade to this version to mitigate the security risk. The fix is available through the standard update channels (SolarWinds Release Notes).