Lucene search
SolarWindsCVE-2024-23467HistoryJul 17, 2024 - 3:15 p.m.
CVE-2024-23467
2024-07-1715:15:11
CWE-22
SolarWinds
web.nvd.nist.gov
33
solarwinds
access rights manager
directory traversal
information disclosure
vulnerability
unauthenticated user
remote code execution
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.003
Percentile
68.4%
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution.
Affected configurations
Node
solarwindsaccess_rights_managerRange≤2023.2.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| solarwinds | access_rights_manager | * | cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Access Rights Manager",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2023.2.4",
"status": "affected",
"version": "previous versions",
"versionType": "2024.3"
}
]
}
]Related
cvelist
cvelist
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-23467
2024-07-17 15:15:11
thn
thn
SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software
2024-07-19 07:13:00
nessus
nessus
SolarWinds ARM < 24.3 (arm_2024_3)
2024-07-19 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.003
Percentile
68.4%
Related for CVE-2024-23467