SolarWinds Releases Critical Security Updates for Access Rights Manager

Summary

Updates address five vulnerabilities that could lead to remote code execution


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

SolarWinds has released security updates addressing five remote code execution (RCE) vulnerabilities in Access Rights Manager (ARM).

Path traversal vulnerabilities, CVE-2024-23476 and CVE-2024-23479, are both rated as critical with a CVSSv3 score of 9.6. An unauthenticated attacker could exploit these vulnerabilities, which could lead to RCE.

The updates also address a third critical vulnerability due to deserialisation of untrusted data, CVE-2024-40057, with a CVSS score of 9.0. An authenticated attacker could exploit this vulnerability, which could lead to RCE.


Remediation advice

Affected organisations are encouraged to review the SolarWinds Security advisories and apply the necessary updates. 



Last edited: 19 February 2024 1:34 pm