Sensitive Information Disclosure Vulnerability
CVE-2023-40058

6.5MEDIUM

Key Information:

Vendor: Solarwinds
Status: Access Rights Manager
Vendor: CVE Published:; 21 December 2023

Summary

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.

Affected Version(s)

Access Rights Manager previous versions <= 2023.2.1

References

https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 21, 2023
Vulnerability Reserved
Aug 8, 2023

Credit

Anonymous working with Trend Micro Zero Day Initiative