Lucene search
07842c0e165d4d2d8733dd4eab48b3ed0f7afe38ZDI-24-351HistoryMar 28, 2024 - 12:00 a.m.
SolarWinds Access Rights Manager OpenFileStreamLocal Directory Traversal Remote Code Execution Vulnerability
2024-03-2800:00:00
07842c0e165d4d2d8733dd4eab48b3ed0f7afe38
www.zerodayinitiative.com
5
solarwinds access rights manager
vulnerability
remote code execution
openfilestreamlocal method
file operations
user-supplied path
system context
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenFileStreamLocal method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Related
cvelist
cvelist
prion
prion
Remote code execution
2024-02-15 21:15:00
cve
cve
CVE-2024-23479
2024-02-15 21:15:10
nvd
nvd
CVE-2024-23479
2024-02-15 21:15:10
nessus
nessus
SolarWinds ARM < 2023.2.3 Multiple Vulnerabilities (arm_2023-2-3)
2024-02-22 00:00:00