SolarWinds releases critical patches for Access Rights Manager
Take action: If you are using SolarWinds Access Rights Manager, it is time for a review. First, check whether the system is accessible from the internet; if it is, patch ASAP. Otherwise, plan for the next regular patch cycle, but don't skip the patch. We've seen that hackers love SolarWinds.
SolarWinds has announced patches for five vulnerabilities in its Access Rights Manager (ARM) software, which is used for managing and auditing access rights across IT infrastructures.
- CVE-2024-23476 (CVSS score 9.6) SolarWinds Access Rights Manager Directory Traversal Remote Code Execution
- CVE-2024-23479 (CVSS score 9.6) SolarWinds Access Rights Manager Directory Traversal Remote Code Execution
- CVE-2023-40057 (CVSS score 9.0) SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution
- CVE-2024-23478 (CVSS score 8.0) SolarWinds Access Rights Manager Directory Traversal Remote Code Execution
- CVE-2024-23477 (CVSS score 7.9) SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution
SolarWinds addressed these security issues in its Access Rights Manager 2023.2.3 release, which includes both bug and security fixes. So far, there have been no reported instances of these vulnerabilities being exploited in the wild.