SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

(CVE-2023-35180)

Summary

The SolarWinds Access Rights Manager was susceptible to Remote
Code Execution Vulnerability. This vulnerability allows authenticated
users to abuse SolarWinds ARM API.

Affected Products

SolarWinds ARM 2023.2.0.73 and prior versions

Fixed Software Release

SolarWinds ARM 2023.2.1

Acknowledgments

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity

8.0 High

Advisory ID

CVE-2023-35180

First Published

10/18/2023

Last Updated

10/18/2023

Fixed Version

SolarWinds ARM 2023.2.1

CVSS Score

CVSS:8.0: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H