ARM Vulnerable to Directory Traversal
CVE-2024-23472

8.8HIGH

Key Information:

Vendor: Solarwinds
Status: Access Rights Manager
Vendor: CVE Published:; 17 July 2024

Summary

SolarWinds Access Rights Manager (ARM) is vulnerable to a Directory Traversal issue that permits an authenticated user to read and delete arbitrary files within the system. This vulnerability poses significant risks as it can be exploited to gain unauthorized access to sensitive data, leading to potential data loss or compromise.

Affected Version(s)

Access Rights Manager previous versions <= 2023.2.4

References

https://documentation.solarwinds.com/en/success_center/ar...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2024
Vulnerability Reserved
Jan 17, 2024

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative