Lucene search
SolarWindsCVE-2023-40058HistoryDec 21, 2023 - 5:15 p.m.
CVE-2023-40058
2023-12-2117:15:07
CWE-200
SolarWinds
web.nvd.nist.gov
27
cve-2023-40058
sensitive data
public-facing
knowledgebase
access rights manager
arm
data exposure
threat actor
CVSS3
6.5
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
38.5%
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.
Affected configurations
Node
solarwindsaccess_rights_managerRange≤2023.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| solarwinds | access_rights_manager | * | cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Access Rights Manager",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2023.2.1",
"status": "affected",
"version": "previous versions",
"versionType": "2023.2.1"
}
]
}
]Related
prion
prion
Code injection
2023-12-21 17:15:00
nvd
nvd
CVE-2023-40058
2023-12-21 17:15:07
zdi
zdi
cvelist
cvelist
CVE-2023-40058 Sensitive Information Disclosure Vulnerability
2023-12-21 16:14:48
vulnrichment
vulnrichment
CVE-2023-40058 Sensitive Information Disclosure Vulnerability
2023-12-21 16:14:48
CVSS3
6.5
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
38.5%
Related for CVE-2023-40058