SolarWinds Access Rights Manager Vulnerability Allows Bypass of Credential Authentication
CVE-2024-23473
9.8 CRITICAL
Summary
The SolarWinds Access Rights Manager contains a hard-coded credential vulnerability that allows attackers to bypass authentication. This flaw may enable unauthorized access to the RabbitMQ management console, posing security risks for organizations relying on this product for access control and management. Organizations using affected versions should assess their exposure and implement necessary security measures to mitigate potential risks.
Affected Version(s)
Access Rights Manager 2023.2.3 and previous versions (<= 2023.2.3)
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative