SolarWinds SEM Deserialization of Untrusted Data Remote Code Execution Vulnerability

(CVE-2024-0692)

Summary

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds' service, resulting in remote code execution.

Affected Products

SolarWinds SEM 2023.4 and prior versions

Fixed Software Release

SolarWinds SEM 2023.4.1 SR

Acknowledgments

Anonymous working with Trend Micro Zero Day Initiative

Advisory Details

Severity

8.8 High

Advisory ID

CVE-2024-0692

First Published

03/01/2024

Last Published

03/01/2024

Fixed Version

SolarWinds SEM 2023.4.1 SR

CVSS Score

CVSS:8.8:AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H