RCE in SolarWinds Security Event Manager (CVE-2024-0692)
CVE-2024-0692 Published on March 1, 2024
SolarWinds Security Event Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds service, resulting in remote code execution.
Vulnerability Analysis
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2024-0692 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2024-0692
Want to know whenever a new CVE is published for SolarWinds Security Event Manager? stack.watch will email you.
Affected Versions
SolarWinds Security Event Manager :- Version 2023.4 and previous versions is affected.
- Before 2023.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.