CVE-2024-23473

🗓️ 09 May 2024 12:43:51Reported by SolarWindsType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 37 Views

The SolarWinds Access Rights Manager has hard-coded credentials vulnerability allowing access to RabbitMQ management consol

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the SolarWinds Access Rights Manager software, which stems from the use of strictly encrypted credentials, allows a perpetrator to gain access to the RabbitMQ management console.	3 Jun 202400:00	–	bdu_fstec
Circl	CVE-2024-23473	11 May 202418:00	–	circl
CNNVD	SolarWinds Access Rights Manager 信任管理问题漏洞	14 May 202400:00	–	cnnvd
CNVD	SolarWinds Access Rights Manager Trust Management Issue Vulnerability	20 May 202400:00	–	cnvd
Cvelist	CVE-2024-23473 SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability	9 May 202412:43	–	cvelist
EUVD	EUVD-2024-20971	3 Oct 202520:07	–	euvd
NVD	CVE-2024-23473	14 May 202414:59	–	nvd
OSV	CVE-2024-23473	14 May 202414:59	–	osv
Tenable Nessus	SolarWinds ARM < 2023.2.4 (2023-2-4_CVE-2024-23473)	17 May 202400:00	–	nessus
Vulnrichment	CVE-2024-23473 SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability	9 May 202412:43	–	vulnrichment

NVD

Node

solarwinds access_rights_managerRange<2023.2.4

[
  {
    "defaultStatus": "unaffected",
    "product": "Access Rights Manager",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThanOrEqual": "2023.2.3",
        "status": "affected",
        "version": "previous versions",
        "versionType": "2023.2.3"
      }
    ]
  }
]

Source	Link
documentation	www.documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm
solarwinds	www.solarwinds.com/trust-center/security-advisories/CVE-2024-23473

10 Feb 2025 22:48Current

8.5High risk

Vulners AI Score8.5

CVSS 3.18.6 - 9.8

EPSS0.00135

SSVC

CWE-798