Lucene search

SolarWindsCVELIST:CVE-2024-23470

HistoryJul 17, 2024 - 2:30 p.m.

CVE-2024-23470 SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability

2024-07-1714:30:37

CWE-287

SolarWinds

www.cve.org

solarwinds; access rights manager; userscripthumster; pre-authentication; remote code execution; vulnerability

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.003

Percentile

69.3%

JSON

The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Access Rights Manager",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThanOrEqual": "2023.2.4",
        "status": "affected",
        "version": "previous versions",
        "versionType": "2024.3"
      }
    ]
  }
]

References

documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.003

Percentile

69.3%

JSON

Related for CVELIST:CVE-2024-23470