SolarWindsCVELIST:CVE-2024-23477CVE-2024-23477 SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
55.7%
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Access Rights Manager",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2023.2.2 ",
"status": "affected",
"version": "previous versions",
"versionType": "2023.2.3"
}
]
}
]Related
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
55.7%