SolarWinds Access Rights Manager Vulnerable to Directory Traversal and Information Disclosure
CVE-2024-23468

9.4CRITICAL

Key Information:

Vendor: Solarwinds
Status: Access Rights Manager
Vendor: CVE Published:; 17 July 2024

Summary

The Security flaw in SolarWinds Access Rights Manager manifests as a Directory Traversal and Information Disclosure vulnerability. The issue allows unauthorized users to traverse directory structures, leading to the potential for arbitrary file deletion and exposure of confidential information. This can significantly compromise data integrity and confidentiality, making it critical for users and organizations to review their security posture and implement necessary mitigations.

Affected Version(s)

Access Rights Manager previous versions <= 2023.2.4

References

https://documentation.solarwinds.com/en/success_center/ar...

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2024
Vulnerability Reserved
Jan 17, 2024

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative