CVE-2023-33228

MEDIUM

SolarWinds Network Configuration Manager - Info Disclosure

Title source: llm

Description

The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.

References (2)

[Release Notes] https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4_release_notes.htm

[Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33228

Scores

CVSS v3 4.5

EPSS 0.0004

EPSS Percentile 13.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (1)

solarwinds/network_configuration_manager < 2023.4

Published Nov 01, 2023

Tracked Since Feb 18, 2026