UnAuthenticated File Deletion and Information Disclosure Vulnerability in SolarWinds Access Rights Manager
CVE-2024-28992

9.4CRITICAL

Key Information:

Vendor: Solarwinds
Status: Access Rights Manager
Vendor: CVE Published:; 17 July 2024

Summary

The SolarWinds Access Rights Manager is affected by a vulnerability that exposes it to directory traversal and information disclosure issues. This vulnerability enables unauthenticated attackers to manipulate the file structure, leading to arbitrary file deletions. Additionally, sensitive information may be leaked, thereby compromising the confidentiality and integrity of the system. Organizations using the affected versions of this product should evaluate their security measures promptly.

Affected Version(s)

Access Rights Manager previous versions <= 2023.2.4

References

https://documentation.solarwinds.com/en/success_center/ar...

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2024
Vulnerability Reserved
Mar 13, 2024

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative