Lucene search
SolarWindsCVE-2024-23471HistoryJul 17, 2024 - 3:15 p.m.
CVE-2024-23471
2024-07-1715:15:12
CWE-287
SolarWinds
web.nvd.nist.gov
29
solarwinds
access rights manager
remote code execution
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.003
Percentile
69.3%
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.
Affected configurations
Node
solarwindsaccess_rights_managerRange≤2023.2.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| solarwinds | access_rights_manager | * | cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Access Rights Manager",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2023.2.4",
"status": "affected",
"version": "previous versions",
"versionType": "2024.3"
}
]
}
]Related
vulnrichment
vulnrichment
cvelist
cvelist
nvd
nvd
CVE-2024-23471
2024-07-17 15:15:12
thn
thn
SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software
2024-07-19 07:13:00
nessus
nessus
SolarWinds ARM < 24.3 (arm_2024_3)
2024-07-19 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.003
Percentile
69.3%
Related for CVE-2024-23471