SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability
(CVE-2024-23468)
Summary
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Affected Products
- SolarWinds Access Rights Manager (ARM) 2023.2.4 and prior versions
Fixed Software Release
Acknowledgments
- Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability
Severity
7.6 High
Advisory ID
First Published
07/17/2024