Lucene search
SolarWindsCVE-2024-23472HistoryJul 17, 2024 - 3:15 p.m.
CVE-2024-23472
2024-07-1715:15:12
CWE-22
SolarWinds
web.nvd.nist.gov
34
solarwinds
arm
directory traversal
vulnerability
authenticated user
file deletion
CVSS3
9.6
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.002
Percentile
60.9%
SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM.
Affected configurations
Node
solarwindsaccess_rights_managerRange≤2023.2.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| solarwinds | access_rights_manager | * | cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Access Rights Manager",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2023.2.4",
"status": "affected",
"version": "previous versions",
"versionType": "2024.3"
}
]
}
]Related
nvd
nvd
CVE-2024-23472
2024-07-17 15:15:12
cvelist
cvelist
vulnrichment
vulnrichment
thn
thn
SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software
2024-07-19 07:13:00
nessus
nessus
SolarWinds ARM < 24.3 (arm_2024_3)
2024-07-19 00:00:00
CVSS3
9.6
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.002
Percentile
60.9%
Related for CVE-2024-23472