Lucene search

[email protected]CVE-2023-40058

HistoryDec 21, 2023 - 5:15 p.m.

CVE-2023-40058

2023-12-2117:15:07

CWE-200

[email protected]

web.nvd.nist.gov

cve-2023-40058

sensitive data

public-facing

knowledgebase

access rights manager

arm

data exposure

threat actor

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.4%

JSON

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.

Affected configurations

NVD

Node

solarwindsaccess_rights_managerRange≤2023.2.1

CPENameOperatorVersion
solarwinds:access_rights_managersolarwinds access rights managerle2023.2.1

CPE	Name	Operator	Version
solarwinds:access_rights_manager	solarwinds access rights manager	le	2023.2.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Access Rights Manager",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThanOrEqual": "2023.2.1",
        "status": "affected",
        "version": "previous versions",
        "versionType": "2023.2.1"
      }
    ]
  }
]

References

www.solarwinds.com/trust-center/security-advisories/CVE-2023-40058

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.4%

JSON

Related for CVE-2023-40058

prion1 nvd1 zdi1 cvelist1