SolarWinds NCM Web Console Sensitive Info Exposure
CVE-2023-33228 Published on November 1, 2023

SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission. The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.

Products Associated with CVE-2023-33228

Want to know whenever a new CVE is published for SolarWinds Network Configuration Manager? stack.watch will email you.

SolarWinds Network Configuration Manager

Affected Versions

SolarWinds Network Configuration Manager Version 2023.3.1 and previous versions is affected by CVE-2023-33228

Exploit Probability

EPSS

0.04%

Percentile

13.07%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

SolarWinds NCM Web Console Sensitive Info ExposureCVE-2023-33228 Published on November 1, 2023

Vulnerability Analysis

Weakness Type

Missing Encryption of Sensitive Data

Products Associated with CVE-2023-33228

Affected Versions

Exploit Probability

SolarWinds NCM Web Console Sensitive Info Exposure
CVE-2023-33228 Published on November 1, 2023