SolarWinds Access Rights Manager (ARM) Traversal Remote Code Execution Vulnerability (CVE-2024-23477)

Summary

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a directory traversal remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve remote code execution.

We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

Affected Products

  • SolarWinds Access Rights Manager (ARM) 2023.2.2 and prior versions

Fixed Software Release

Acknowledgments

  • Anonymous working with Trend Micro Zero Day Initiative

Advisory Details

Severity

7.9 High

Advisory ID

First Published

02/06/2024

Last Updated

02/06/2024