SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability 

(CVE-2023-35182)

Summary

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.

Affected Products

  • SolarWinds ARM 2023.2.0.73 and prior versions

Fixed Software Release

Acknowledgments

  • Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day InitiativeTrend Micro Zero Day Initiative.

Advisory Details

Severity

8.8 High

Advisory ID

First Published

10/18/2023

Last Published

10/18/2023