SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability
(CVE-2023-35184)
Summary
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution.
Affected Products
- SolarWinds ARM 2023.2.0.73 and prior versions
Fixed Software Release
Acknowledgments
- Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Advisory Details
Severity
8.8 High
Advisory ID
First Published
10/18/2023
Last Updated
10/18/2023