Unauthenticated Arbitrary File Deletion and Information Disclosure Vulnerability Affects SolarWinds Access Rights Manager
CVE-2024-23475

9.8CRITICAL

Key Information:

Vendor
Solarwinds
Status
Access Rights Manager
Vendor
CVE Published:
17 July 2024

Summary

The SolarWinds Access Rights Manager is subject to a vulnerability that enables an unauthenticated user to exploit Directory Traversal, potentially leading to arbitrary file deletions and the exposure of sensitive information. This flaw poses a significant risk in environments where Access Rights Manager is deployed, as attackers could leverage it to manipulate access controls and gain unauthorized insights into sensitive data.

Affected Version(s)

Access Rights Manager previous versions <= 2023.2.4

References

https://documentation.solarwinds.com/en/success_center/ar...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.