SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability (CVE-2023-35185)

Summary

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.

Affected Products

  • SolarWinds ARM 2023.2.0.73 and prior versions

Fixed Software Release

Acknowledgments

  • Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative
Advisory Details
Severity
High
Advisory ID

CVE-2023-35185

First Published
10/18/2023
Last Updated
10/18/2023
Fixed Version

SolarWinds ARM 2023.2.1

CVSS Score

CVSS:8.8AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Dowload PDF
Send an Email