vulnrichment | SolarWinds | VULNRICHMENT:CVE-2023-35186
History: Oct 19, 2023 - 2:21 p.m.

CVE-2023-35186 SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

2023-10-19 14:21:57
CWE-502
SolarWinds
github.com
solarwinds
access rights manager
rce
vulnerability
remote code execution

CVSS3: 8
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8
Confidence: Low

EPSS: 0.011
Percentile: 84.6%

SSVC
Exploitation: none
Automatable: no
Technical Impact: total

The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*"
    ],
    "vendor": "solarwinds",
    "product": "access_rights_manager",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2023.2.0.73"
      }
    ],
    "defaultStatus": "unknown"
  }
]
