Summary
Five security vulnerabilities have been discovered in the SolarWinds Access Rights Manager product. These vulnerabilities, if exploited, could allow a remote attacker to execute arbitrary code on affected systems.
Risk
Vulnerability Community Impact Estimate: MEDIUM/YELLOW (62.05/100) [1].
Type
- Remote Code Execution
Affected Products and Versions
SolarWinds Access Rights Manager (ARM), version 2023.2.2 and earlier
Mitigation Actions
In line with vendor statements, it is recommended that vulnerable products be updated to the latest available version by following the guidance in the security bulletins listed in the References section.
Unique Vulnerability Identifiers
References
https://www.solarwinds.com/trust-center/security-advisories/cve-2023-40057
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23476
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23477
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23478
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23479
[1] This estimate takes several parameters into account, including CVSS, the availability of patches/workarounds and PoC, and the prevalence of the affected software/devices in the reference community.