SolarWinds has released their Access Rights Manager version 2023.2.3, in which several vulnerabilities associated with Deserialization and Directory Traversal leading to Remote code execution have been fixed. The CVEs of these vulnerabilities were assigned with
The severity for these vulnerabilities ranges between 7.9 (High) and 9.6 (Critical). Several organizations use Access Rights Manager to gather reports about who has access to data and when the data was accessed.
However, SolarWinds has credited multiple security researchers for reporting these vulnerabilities.
Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks .
These vulnerabilities existed in the SolarWinds Access Rights Manager, which allows an authenticated user to abuse a SolarWinds service that could result in remote code execution on the vulnerable instance. The severity for these vulnerabilities has been given as CVE-2023-40057 (9.0 – Critical) and CVE-2023-23478 (8.0 – High).
There was no additional information about this vulnerability provided by SolarWinds nor evidence of exploitation in the wild. SolarWinds also thanked Trend Micro Zero Day Initiative (ZDI) for responsibly disclosing this vulnerability.
These vulnerabilities existed in the SolarWinds Access Rights Manager that could allow an unauthenticated user to perform a remote code execution on the vulnerable instance. The severity for these vulnerabilities has been given as CVE-2024-23476 (9.6 – Critical), CVE-2024-23477 (7.9 – High), and CVE-2024-23479 (9.6 – Critical).
Moreover, these vulnerabilities were credited to an Anonymous person working with Trend Micro Zero Day Initiative. However, there was no additional information about these vulnerabilities nor any evidence of exploitation of this vulnerability.
All of these vulnerabilities existed on SolarWinds Access Rights Manager 2023.2.2. SolarWinds urges all its users to upgrade to the latest version, 2023.2.3, to prevent these vulnerabilities from being exploited by threat actors.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
Multiple Dutch organizations have experienced significant service disruptions this week due to a series of…
A major supply chain security incident has rocked the Python open-source community as researchers at…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical vulnerabilities…
NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in its…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly…
A 25-year-old man from Santa Clarita, California, has agreed to plead guilty to hacking into…