SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability
(CVE-2024-23472)
Summary
SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Affected Products
- SolarWinds Access Rights Manager (ARM) 2023.2.4 and prior versions
Fixed Software Release
Acknowledgments
- Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Advisory Details
Severity
9.6 Critical
Advisory ID
First Published
07/17/2024