SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability
(CVE-2023-35182)
Summary
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.
Affected Products
- SolarWinds ARM 2023.2.0.73 and prior versions
Fixed Software Release
Acknowledgments
- Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day InitiativeTrend Micro Zero Day Initiative.
Advisory Details
Severity
8.8 High
Advisory ID
First Published
10/18/2023
Last Published
10/18/2023