Sensitive Data Disclosure Vulnerability

(CVE-2023-40058)

Summary

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.

Affected Products

Access Rights Manager (ARM) 2023.2.1 and previous versions

Fixed Software Release

Access Rights Manager (ARM) 2023.2.2

Acknowledgments

Anonymous working with Trend Micro Zero Day Initiative

Advisory Details

Severity

7.6 High

Advisory ID

CVE-2023-40058

First Published

12/20/2023

Last Updated

12/20/2023

Fixed Version

Access Rights Manager (ARM) 2023.2.2

Workarounds

Adding KB for ARM

CVSS Score

CVSS3.1:AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L