SolarWinds Releases Critical Security Updates for Access Rights Manager
Summary
Updates address five vulnerabilities that could lead to remote code execution
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
SolarWinds has released security updates addressing five remote code execution (RCE) vulnerabilities in Access Rights Manager (ARM).
The path traversal vulnerabilities CVE-2024-23476 and CVE-2024-23479 are both rated critical, with a CVSSv3 score of 9.6. An unauthenticated attacker could exploit these vulnerabilities, which could lead to RCE.
The updates also address a third critical vulnerability, CVE-2023-40057, caused by deserialisation of untrusted data, with a CVSS score of 9.0. An authenticated attacker could exploit this vulnerability, which could lead to RCE.
Remediation advice
Affected organisations are encouraged to review the SolarWinds security advisories and apply the necessary updates.
Definitive source of threat updates
- https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23476
- https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23479
- https://www.solarwinds.com/trust-center/security-advisories/cve-2023-40057
- https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23478
- https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23477
CVE Vulnerabilities
Last edited: 19 February 2024 1:34 pm