SolarWinds Access Rights Manager Vulnerability Allows Unauthorized File Deletion and Information Disclosure
CVE-2024-28993

9.4CRITICAL

Key Information:

Vendor: Solarwinds
Status: Access Rights Manager
Vendor: CVE Published:; 17 July 2024

Summary

The SolarWinds Access Rights Manager is vulnerable to a directory traversal and information disclosure issue. This flaw enables an unauthenticated user to exploit the system by deleting arbitrary files and potentially accessing sensitive data. The exposure can lead to severe security breaches and unauthorized access to critical information, making it essential for organizations using this product to apply the necessary mitigations outlined in the release notes.

Affected Version(s)

Access Rights Manager previous versions <= 2023.2.4

References

https://documentation.solarwinds.com/en/success_center/ar...

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2024
Vulnerability Reserved
Mar 13, 2024

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative